GSD-2022-1003119 md/bitmap: don't set sb values if can't pass sanity check

md/bitmap: don't set sb values if can't pass sanity check This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...

GIMP Denial of Service Vulnerability

GIMP is an open source bitmap image editor from the GIMP team. GNOME GIMP version 2.10.30 contains a denial of service vulnerability, which stems from the processing of crafted XCF files in gimplayerinvalidateboundary triggering an unhandled exception that could be exploited by an attacker to cau...

CVE-2022-32236

When a user opens manipulated Windows Bitmap .bmp, 2d.x3d files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVE-2022-32236

When a user opens manipulated Windows Bitmap .bmp, 2d.x3d files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVE-2022-32236

When a user opens manipulated Windows Bitmap .bmp, 2d.x3d files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...

Design/Logic Flaw

When a user opens manipulated Windows Bitmap .bmp, 2d.x3d files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVE-2022-32236

When a user opens manipulated Windows Bitmap .bmp, 2d.x3d files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVE-2022-32236

SAP 3D Visual Enterprise Viewer is affected by CVE-2022-32236 via parsing manipulated Windows Bitmap BMP and related 2d.x3d inputs from untrusted sources. The issue, documented by ZDI as a BMP parsing out-of-bounds write enabling remote code execution, can crash the application or allow code exec...

CVE-2022-31796

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use...

UBUNTU-CVE-2022-31796

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use...

libjpeg 缓冲区错误漏洞

libjpeg is a C language library for processing JPEG format image data. It includes JPEG decoding, JPEG encoding and other JPEG functions. A security vulnerability exists in libjpeg version 1.63, which stems from a heap-based buffer overread in HierarchicalBitmapRequester::FetchRegion in...

CVE-2019-15143

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error resource exhaustion caused by a GBitmap::readrleraw infinite loop by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp...

new packages: bitmap-fonts

An update is available for bitmap-fonts. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

UBUNTU-CVE-2022-25169

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files...

OESA-2022-1645 SDL2 security update

Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Security Fixes: SDL Simple DirectMedia Layer through 2.0.12 has an Integer Overflow and resultant SDLmemcpy heap corruption in SDLBlitCopy in...

ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability...

Microsoft Windows Kernel Bitmap Surface Untrusted Pointer Dereference Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

PT-2022-19049 · Ffjpeg · Ffjpeg

Name of the Vulnerable Software and Affected Versions: ffjpeg affected versions not specified Description: The issue is related to an integer overflow vulnerability in the bmp load function in bmp.c, which can lead to a heap overflow in jfif encode in jfif.c. This vulnerability is a result of an...

CVE-2022-27529

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code...

Autodesk AutoCAD 缓冲区错误漏洞

Autodesk AutoCAD is a suite of professional 3D drawing software from the American company Autodesk. A security vulnerability exists in Autodesk AutoCAD 2022, 2021, 2020, 2019, which originates from a maliciously crafted PICT, BMP, PSD, or TIF file that can be used to write to a buffer beyond the...