20 matches found
PT-2026-36893
Name of the Vulnerable Software and Affected Versions: CImg Library versions prior to commit c3aacf5 Description: An issue exists in the processing of BMP files where the nb_colors field from the file header is used to calculate allocation size without validation against the actual remaining file...
MiracleLinux 7 : libtiff-4.0.3-35.0.3.el7.AXS7 (AXSA:2025-10907:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10907:02 advisory. CVE-2017-9117: add checks for all BMP reading operations to avoid buffer overflow CVEs: CVE-2017-9117 In LibTIFF 4.0.6 and possibly other versions, the...
CVE-2021-29365
Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCropW component. This can cause a denial of service (DOS)...
PT-2019-5847 · Imagemagick +5
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.9-0 Description: A flaw was found in ImageMagick in coders/bmp.c, related to an integer overflow of the value. This could allow a remote attacker to cause a denial of service using a specially crafted file. T...
Meitu Xiu Xiu PC version suffers from DLL hijacking vulnerability
Meitu Xiu Xiu for PC is a photo beautification software. A DLL hijacking vulnerability exists in Meitu Xiu Xiu for PC when handling BMP and other files. An attacker can exploit this vulnerability to load a malicious DLL and execute malicious code...
CVE-2018-17686
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
DEBIAN-CVE-2018-20467
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...
SUSE-SU-2018:3879-1 Security update for tiff
This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2017-9147: Fixed...
Foxit Reader BMP biWidth Heap-based Buffer Overflow (CVE-2017-17557)
A heap-based buffer overflow vulnerability exists in the BMP processing component of Foxit Reader. This vulnerability is due to improper validation of the biWidth field in a BMP file...
PhotoZoom Classic 7 Handles BMP with Denial of Service Vulnerability
PhotoZoom Classic 7 is a photo manipulation tool. A denial of service vulnerability exists in PhotoZoom Classic 7 when processing BMP format, which can be exploited to cause a program crash by constructing a malformed BMP image, and can be successfully exploited to cause arbitrary code execution...
CVE-2017-9117
CVE-2017-9117 affects LibTIFF (notably 4.0.6 and possibly other versions). The issue is a heap-based buffer over-read when processing BMP images because biWidth/biHeight in the bitmap-information header are not verified against the actual input, as demonstrated in bmp2tiff. The BMP handling path ...
FoxPDF BMP PDF Converter Handles BMP Heap Overflow Vulnerability
FoxPDF BMP PDF Converter supports converting BMP format to PDF; it also handles file formats such as web page files (HTML), RTF, text files and image formats. FoxPDF BMP PDF Converter has a heap overflow vulnerability in the processing of BMP images, which allows an attacker to exploit the vulnerability...
Debian DSA-3546-1 : optipng - security update
Hans Jerry Illikainen discovered that missing input sanitising in the BMP processing code of the optipng PNG optimiser may result in denial of service or the execution of arbitrary code if a malformed file is processed.
OptiPNG memory misreference vulnerability (CNVD-2016-02171)
OptiPNG is a set of tools for lossless compression of images. A memory misreference vulnerability exists in OptiPNG version 0.6.4, which stems from the program failing to properly filter inputs in BMP processing code. An attacker could use this vulnerability to cause a denial of service or execut...
OptiPNG Denial of Service Vulnerability (CNVD-2016-02172)
OptiPNG is a set of tools for lossless compression of images. A denial of service vulnerability exists in OptiPNG version 0.6.4, which stems from the program failing to properly filter inputs in BMP processing code. An attacker could exploit this vulnerability to cause a denial of service or...
OptiPNG Memory Misreference Vulnerability
OptiPNG is a set of tools for lossless compression of images. A memory misreference vulnerability exists in OptiPNG version 0.6.4, which stems from the program failing to properly filter inputs in BMP processing code. An attacker could use this vulnerability to cause a denial of service or execut...
[SECURITY] [DSA 3546-1] optipng security update
Debian Security Advisory DSA-3546-1 https://www.debian.org/security/ Moritz Muehlenhoff April 07, 2016 https://www.debian.org/security/faq ...
autotrace buffer overflow
Buffer overflow on BMP processing...
Sun JRE / JDK multiple security vulnerabilities
Buffer and integer overflows in JPG and BMP processing, sandbox protection bypass with system classes...
security flaw
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file...