2482 matches found
CVE-2019-15143
CVE-2019-15143 affects DjVuLibre 3.5.27 and is caused by a denial-of-service vulnerability in the bitmap reader. A crafted image can trigger a GBitmap::read_rle_raw infinite loop, leading to resource exhaustion. Affected components include libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. Public advis...
CVE-2019-15143
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp...
DjVuLibre bitmap reader component resource management error vulnerability
DjVuLibre is an open source implementation of the DjVu computer file format, which includes a DjVu file viewer, browser plug-ins, DjVu file decoder/encoder and other utilities. The bitmap reader is one of the bitmap viewer components. A resource management error vulnerability exists in the bitmap reader...
DjVuLibre Buffer Overflow Vulnerability (CNVD-2019-29361)
DjVuLibre is an open source implementation of DjVu computer file format that includes a DjVu file viewer, browser plug-in, DjVu file decoder/encoder and other utilities. A buffer overflow vulnerability exists in DjVuLibre version 3.5.27, which stems from a failure to perform zero-byte checking in...
RHEL 8 : ghostscript (RHSA-2019:2465)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2465 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...
libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries...
Low: Red Hat Security Advisory: ghostscript security, bug fix, and enhancement update
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data...
edk2: Stack buffer overflow with corrupted BMP
A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 16 (2^4) or 256 (2^8) colors...
DEBIAN-CVE-2019-13568
CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image...
UBUNTU-CVE-2019-13568
CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image...
Xpdf Integer Overflow Vulnerability
Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. An integer overflow vulnerability exists in the JBIG2Bitmap::combine function in JBIG2Stream.cc in Xpdf 4.01.01. An attacker can exploit this vulnerability to cause a denial of service...
CVE-2019-14289
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case...
UBUNTU-CVE-2019-14289
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case...
CVE-2019-2281
An unauthenticated bitmap image can be loaded into memory and subsequently cause execution of unverified code in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675...
Code injection
An unauthenticated bitmap image can be loaded into memory and subsequently cause execution of unverified code in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675...
CVE-2019-2281
An unauthenticated bitmap image can be loaded into memory and subsequently cause execution of unverified code in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675...
CVE-2019-2281
CVE-2019-2281 describes an unauthenticated bitmap image loading vulnerability that can lead to execution of unverified code in Qualcomm Snapdragon platforms. The incident is triggered by loading a bitmap into memory, potentially enabling local code execution with high impact (confidentiality, int...
ImageMagick Resource Management Error Vulnerability (CNVD-2019-29431)
ImageMagick is a set of open source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. A memory disclosure vulnerability exists in the 'ReadBMPImage' function in the coders/bmp.c file in ImageMagick Studi...
ALPINE-CVE-2019-13133
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c...