SUSE CVE-2010-0991

Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted 1 ARGB, 2 XPM, or 3 BMP file, related to the IMAGEDIMENSIONSOK macro in lib/image.h...

SUSE CVE-2013-7437

Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service crash via large dimensions in a BMP image, which triggers a buffer overflow...

SUSE CVE-2016-7392

Heap-based buffer overflow in the pstoeditsuffixtableinit function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service out-of-bounds write via a crafted bmp image file...

SUSE CVE-2016-8691

The jpcdecprocesssiz function in libjasper/jpc/jpcdec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted XRsiz value in a BMP image to the imginfo command...

SUSE CVE-2016-8694

The bmreadbodybmp function in bitmapio.c in potrace before 1.13 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted BMP image, a different vulnerability than CVE-2016-8695 and CVE-2016-8696...

SUSE CVE-2016-8698

Heap-based buffer overflow in the bmreadbodybmp function in bitmapio.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703...

SUSE CVE-2016-8697

The bmnew function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service divide-by-zero error and crash via a crafted BMP image...

SUSE CVE-2016-8702

Heap-based buffer overflow in the bmreadbodybmp function in bitmapio.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8703...

SUSE CVE-2016-8700

Heap-based buffer overflow in the bmreadbodybmp function in bitmapio.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703...

SUSE CVE-2016-8703

Heap-based buffer overflow in the bmreadbodybmp function in bitmapio.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8702...

SUSE CVE-2016-8884

The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service NULL pointer dereference by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690...

SUSE CVE-2019-15144

In DjVuLibre 3.5.27, the sorting functionality aka GArrayTemplate::sort allows attackers to cause a denial-of-service application crash due to an Uncontrolled Recursion by crafting a PBM image file that is mishandled in libdjvu/GContainer.h...

SUSE CVE-2021-43579

A stack-based buffer overflow in imageloadbmp in HTMLDOC = 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file...

Medium: autotrace

Issue Overview: Heap-based buffer overflow in the pstoeditsuffixtableinit function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service out-of-bounds write via a crafted bmp image file. CVE-2016-7392 A biWidthbiBitCnt integer overflow in input-bmp.c in...

Amazon Linux 2022 : autotrace, autotrace-devel (ALAS2022-2022-160)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-160 advisory. A biWidthbiBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. CVE-2019-19004 A bitmap doubl...

GIMP Denial of Service Vulnerability

GIMP is an open source bitmap image editor from the GIMP team. GNOME GIMP version 2.10.30 contains a denial of service vulnerability, which stems from the processing of crafted XCF files in gimplayerinvalidateboundary triggering an unhandled exception that could be exploited by an attacker to cau...

CVE-2022-27529

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code...

OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

AlmaLinux 8 : autotrace (ALSA-2021:4519)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4519 advisory. - A biWidthbiBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed...

OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...