OracleVM 3.4 : xen (OVMSA-2019-0054)

The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=a3ec6768f487946b7316364bc9bd17ce4d752af5 - BUILDINFO: QEMU upstream...

Important: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

LEAD Technologies LEADTOOLS Input Validation Error Vulnerability

LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. An input validation error vulnerability exists in the BMP header parsing functionality in LEAD Technologies LEADTOOLS. The vulnerability can be exploited to execute arbitrary code with the help of specially...

Mozilla Firefox ESR < 31.4 Multiple Vulnerabilities

Binary data 701250.prm...

libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service

get8bitrow in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries...

CVE-2019-5088

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this vulnerability by sendin...

qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data...

edk2: Stack buffer overflow with corrupted BMP

A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 162^4 or 2562^8 colors...

CAD Smart Garden has a memory corruption vulnerability

CAD Smart Garden is a professional garden design software. CAD Smart Garden Tool has a memory corruption vulnerability when dealing with BMP images. An attacker can cause the program to crash by constructing a malformed BMP image. If successfully exploited, it can lead to a system denial of servi...

Memory Corruption Vulnerability in CAD Mini Drawing

CAD Mini Drawing is a cad drawing software. CAD Mini Drawing Tool has a memory corruption vulnerability when handling BMP images. An attacker can cause the program to crash by constructing a malformed BMP image. If successfully exploited, this could lead to a system denial of service...

Memory Corruption Vulnerability in CAD Quick Look Tool

CAD Quick View Tool is a CAD viewing software. CAD Quick Viewer Tool suffers from a memory corruption vulnerability when handling BMP images. An attacker can cause the program to crash by constructing a malformed BMP image. If successfully exploited, this could result in a denial of service...

CAD Intelligent Vulnerability with Memory Corruption Vulnerability

CAD Intelligent Weak Power is a design tool for weak power equipment installation. CAD Smart Weak Power Tool has a memory corruption vulnerability when dealing with BMP images. An attacker can cause the program to crash by constructing a malformed BMP image. If successfully exploited, it can lead...

Denial Of Service (DoS)

OpenJDK is vulnerable to denial of service DoS. The attack exists because it does not perform glyph bitmap image dimension check in FreetypeFontScaler...

Memory Corruption Vulnerability in Good123 Viewer

Good123 Viewer is an image viewing software. A memory corruption vulnerability exists in Good123 Photo Viewer, which can be exploited by an attacker to cause the program to crash by constructing a malformed BMP image...

Security update for rdesktop (important)

openSUSE Security Update: Security update for rdesktop Announcement ID: openSUSE-SU-2019:2135-1 Rating: important References: 1121448 Cross-References: CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182...

BMP image processing binary vulnerability in Windshield Viewer

Wind Shadow Picture Viewer is a computer client picture viewing software, small and lightweight, simple interface, comprehensive features, compatible with hundreds of image formats, including commonly used JPG, BMP, PNG and other conventional image formats and PDS and other professional image...

Adobe Acrobat Pro DC AcroForm Bitmap File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

DEBIAN-CVE-2019-15144

In DjVuLibre 3.5.27, the sorting functionality aka GArrayTemplate::sort allows attackers to cause a denial-of-service application crash due to an Uncontrolled Recursion by crafting a PBM image file that is mishandled in libdjvu/GContainer.h...

DEBIAN-CVE-2019-15143

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error resource exhaustion caused by a GBitmap::readrleraw infinite loop by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp...

CVE-2019-15143

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error resource exhaustion caused by a GBitmap::readrleraw infinite loop by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp...