CentOS 8 : autotrace (CESA-2021:4519)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:4519 advisory. - autotrace: integer overflow in input-bmp.c CVE-2019-19004 - autotrace: bitmap double free in main.c allows attackers to cause an unspecified impact...

autotrace: integer overflow in input-bmp.c

A biWidthbiBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image...

autotrace: bitmap double free in main.c allows attackers to cause an unspecified impact

A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182...

Moderate: Red Hat Security Advisory: autotrace security update

An update for autotrace is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c

In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opjj2ksetupencoder function openjp2/j2k.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file...

Moderate: autotrace security update

AutoTrace is a program for converting bitmaps to vector graphics. Security Fixes: autotrace: bitmap double free in main.c allows attackers to cause an unspecified impact CVE-2019-19005 autotrace: integer overflow in input-bmp.c CVE-2019-19004 For more details about the security issues, including...

ALSA-2021:4519 Moderate: autotrace security update

AutoTrace is a program for converting bitmaps to vector graphics. Security Fixes: autotrace: bitmap double free in main.c allows attackers to cause an unspecified impact CVE-2019-19005 autotrace: integer overflow in input-bmp.c CVE-2019-19004 For more details about the security issues, including...

DEBIAN-CVE-2021-40985

A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to imageloadbmp...

HTMLDOC 缓冲区错误漏洞

HTMLDOC is an HTML file format conversion editor that reads HTML and Markdown source files or web pages and generates the corresponding EPUB, HTML, PostScript or PDF files with optional table of contents. A buffer overflow vulnerability exists in imageloadbmp in HTMLDOC versions prior to 1.9.12. ...

[SECURITY] Fedora 35 Update: python-reportlab-3.6.2-1.fc35

This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...

CVE-2020-23546

IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981...

IrfanView 安全漏洞

IrfanView is a very fast, small, compact and innovative free graphics viewer for Windows 9x, ME, NT, 2000, XP, 2003, 2008, Vista, Windows 7, Windows 8, Windows 10. A denial of service vulnerability exists in IrfanView version 4.54. The vulnerability stems from data from the wrong address being us...

OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

Exploit for Path Traversal in Microsoft

CVE-2021-40444 Usage Ensure to run setup.sh first as yo...

ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability...

ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability...

DEBIAN-CVE-2021-39520

An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service...

UBUNTU-CVE-2021-39517

An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service...

UBUNTU-CVE-2021-39520

An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service...

libjpeg 代码问题漏洞

libjpeg is a free library written entirely in C to handle the JPEG image data format. libjpeg 2020021 and earlier versions of blockbitmaprequester.cpp contain the BlockBitmapRequester::ReconstructUnsampled function is vulnerable to a null pointer dereference. An attacker could exploit this...