DEBIAN-CVE-2021-43579

A stack-based buffer overflow in imageloadbmp in HTMLDOC = 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file...

UBUNTU-CVE-2021-43579

A stack-based buffer overflow in imageloadbmp in HTMLDOC = 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file...

CVE-2021-44423

An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance ODA Drawings Explorer before 2022.12. The specific issue exists after loading BMP files. Unchecked input data from a crafted BMP file leads to an out-of-bounds read. An attacker can leverage this...

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite) causing stack consumption in NTFS-3G < 2021.8.22.

...

Siemens Syngo FastView 缓冲区错误漏洞

Siemens Syngo FastView is a standalone viewer of Dicom 2 images available on Dicom exchange media from Siemens, Germany. An out-of-bounds write vulnerability exists in Siemens Syngo FastView, which stems from a lack of proper validation of user-supplied data when parsing BMP files. An attacker...

PT-2021-7803 · Siemens · Syngo Fastview

Name of the Vulnerable Software and Affected Versions: syngo fastView All versions Description: A vulnerability has been identified in the affected application, which lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition, allowing ...

PT-2021-6410 · Siemens · Syngo Fastview

Name of the Vulnerable Software and Affected Versions: syngo fastView All versions Description: A vulnerability has been identified in the affected application, which lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of ...

Bentley Systems Bentley View 缓冲区错误漏洞

A security vulnerability exists in Bentley View, a free viewer from Bentley Systems, U.S.A. The Bentley View BMP file parsing vulnerability is due to a failure to properly validate the length of user-supplied data before copying it to a heap buffer. An attacker could exploit this vulnerability to...

Bentley Systems Bentley View 缓冲区错误漏洞

Bentley View, a free viewer from Bentley Systems, Inc. A stack buffer overflow vulnerability exists in Bentley View BMP file parsing, which is due to a failure to properly validate the length of user-supplied data before copying it to the heap buffer. An attacker could exploit this vulnerability ...

The vulnerability of the Adobe Animate software for creating multimedia and computer animations lies in the ability to write code beyond the buffer boundaries in memory, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Animate program for creating multimedia and computer animations is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a hacker to execute arbitrary code in the context of the current user, using a specially crafted .bmp...

[SECURITY] Fedora 34 Update: autotrace-0.31.1-62.fc34

AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...

CVE-2021-42270

Adobe Animate version 21.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file...

freerdp security update

2:2.2.0-7 - Updated: Refactored RPC gateway parser rhbz2017948 + fixed issues discovered by Covscan 2:2.2.0-6 - Refactored RPC gateway parser rhbz2017948 2:2.2.0-5 - Revert: Refactored RPC gateway parser rhbz2017948 2:2.2.0-4 - Refactored RPC gateway parser rhbz2017948 2:2.2.0-3 - Add checks for...

Use-After-Free

autotrace is vulnerable to use-after-free. A bitmap double free in main.c allows attackers to cause use-after-free via a malformed bitmap image...

Integer Overflow

autotrace is vulnerable integer overflows. A biWidthbiBitCnt integer overflow in input-bmp.c allows attackers to provide an unexpected input value to malloc via a malformed bitmap image resulting in a system hang...

[SECURITY] Fedora 35 Update: autotrace-0.31.1-62.fc35

AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...

OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

Mozilla Firefox Security Advisory (MFSA2015-88) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

freerdp security update

2:2.2.0-5 - Update: Refactored RPC gateway parser rhbz2017944 + fix issues discovered by Covscan 2:2.2.0-4 - Refactored RPC gateway parser rhbz2017944 2.1.1-3 - Add checks for bitmap and glyph width/heigth values rhbz2017951...

Mozilla Firefox Security Advisory (MFSA2012-61) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...