SUSE CVE-2017-9167

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:337:25...

SUSE CVE-2017-9171

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24...

SUSE CVE-2017-9190

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service invalid free, related to the freebitmap function in bitmap.c:24:5...

SUSE CVE-2017-11528

The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service memory leak via a crafted file...

SUSE CVE-2017-12122

An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...

SUSE CVE-2017-13673

The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service assertion failure in the cpuphysicalmemorysnapshotgetdirty function...

SUSE CVE-2017-14175

In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over th...

SUSE CVE-2018-1093

The ext4validblockbitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service out-of-bounds read and system crash via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers...

SUSE CVE-2018-5685

In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function coders/bmp.c. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value...

SUSE CVE-2018-8787

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdiBitmapDecompress and results in a memory corruption and probably even a remote code execution...

SUSE CVE-2018-8796

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function processbitmapupdates that results in a Denial of Service segfault...

SUSE CVE-2018-8795

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function processbitmapupdates and results in a memory corruption and probably even a remote code execution...

SUSE CVE-2018-12181

Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access...

SUSE CVE-2018-13096

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service out-of-bounds memory access and BUG can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image...

SUSE CVE-2018-14498

get8bitrow in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries...

SUSE CVE-2018-18024

In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file...

SUSE CVE-2018-18511

Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. Note: This only affects Firefox 65. Previous versions are unaffected.. This vulnerability affects Firefox 65.0.1...

SUSE CVE-2018-20189

In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping which is not available beyond 8-bits/sample, and therefore lacks indexes...

SUSE CVE-2018-20330

The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench...

SUSE CVE-2018-20544

There is floating point exception at caca/dither.c function cacaditherbitmap in libcaca 0.99.beta19...