Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in video/SDLpixels.c in SDL Simple DirectMedia Layer. Using a crafted malicious .BMP file, an attacker can cause the application using this library to crash and potentially execute arbitrary code. Remediation...

DEBIAN-CVE-2021-33657

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution...

UBUNTU-CVE-2021-33657

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution...

OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

PT-2022-7230 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.10 Description: The issue is related to the input set capability function in the Linux kernel, which can lead to an uncontrolled consumption of resources. An attacker can exploit this to cause a denial of...

Lead Technologies LEADTOOLS 输入验证错误漏洞

Lead Technologies LEADTOOLS is an image processing development kit from LEAD Technologies USA. Lead Technologies LEADTOOLS 22 suffers from an Input Validation Error vulnerability that stems from a specially crafted BMP file that could lead to an integer overflow, which in turn could lead to a...

An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw a local attacker with user privilege may gain access to out-of-bounds memory leading to a system integrity and confidentiality threat.

...

CVE-2021-46645

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2021-46616

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVE-2021-46615

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVE-2021-46605

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2021-46605

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

ffjpeg 代码问题漏洞

ffjpeg is a JPEG encoder/decoder by the individual developer Kai Chen in China. A rejection vulnerability exists in ffjpeg, which originates when the size information in the metadata of a bmp is out of range, it returns without allocating a memory buffer to pb-pdata and without exiting the progra...

AlmaLinux 8 : autotrace (ALSA-2021:4519)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4519 advisory. - A biWidthbiBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed...

ROS-20220125-07

A vulnerability in the GIMP bitmap graphics editor is related to improper input validation, where the path name in the constructed command line is not escaped or filtered. Exploitation of the vulnerability could allow an attacker acting remotely to send special data to the application and execute...

Bentley Systems MicroStation 安全漏洞

Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, Inc. A buffer overflow vulnerability exists in Bentley MicroStation CONNECT 10.16.0.80 when parsing BMP images, which stems from a failure to Lack of proper validation of the length...

OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

PT-2022-5416 · Corel · Coreldraw Graphics Suite

Name of the Vulnerable Software and Affected Versions: Corel CorelDRAW Graphics Suite version 23.5.0.506 Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this, where the target must visit a malicio...

CVE-2021-34907

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVE-2021-34903

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...