2481 matches found
CVE-2017-13673
CVE-2017-13673 affects QEMU’s VGA display path used by QEMU/KVM. The flaw arises from a miscalculation of the region for the dirty bitmap snapshot during split-screen display, which can trigger an assertion failure in cpu_physical_memory_snapshot_get_dirty and cause a denial of service. The issue...
CentOS 7 : ghostscript (CESA-2017:2180)
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
ghostscript security update
CentOS Errata and Security Advisory CESA-2017:2180. An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
OpenJPEG Denial of Service Vulnerability (CNVD-2017-28761)
OpenJPEG is a C-based open source JPEG 2000 codec. A security vulnerability exists in the 'bmp_read_info_header' function in bin/jp2/convertbmp.c in OpenJPEG version 2.2.0, which originates from the program receiving a packet header with a biBitCount of zero. A remote attacker could use this...
UBUNTU-CVE-2017-12982
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n...
minidjvu denial of service vulnerability
minidjvu is a command-line utility for encoding and decoding single-page black-and-white DjVu files with the ability to compress multiple pages, taking advantage of similarities between pages. A denial of service vulnerability exists in the JB2BitmapCoder::code_row_by_refinement function in...
minidjvu denial of service vulnerability (CNVD-2017-25770)
minidjvu is a command-line utility for encoding and decoding single-page black-and-white DjVu files with the ability to compress multiple pages, taking advantage of similarities between pages. A denial of service vulnerability exists in the mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in...
minidjvu denial of service vulnerability (CNVD-2017-25769)
minidjvu is a command-line utility for encoding and decoding single-page black-and-white DjVu files with the ability to compress multiple pages, taking advantage of similarities between pages. The mdjvu_bitmap_pack_row function denial of service vulnerability in base/4bitmap.c in Minidjvu allows an...
DEBIAN-CVE-2017-12443
The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file...
DEBIAN-CVE-2017-12445
The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file...
[SECURITY] Fedora 25 Update: potrace-1.15-1.fc25
Potrace is a utility for tracing a bitmap, which means, transforming a bitmap into a smooth, scalable image. The input is a bitmap (PBM, PGM, PPM, or BMP format), and the default output is an encapsulated PostScript file (EPS). A typical use is to create EPS files from scanned data, such as company ...
[SECURITY] Fedora 26 Update: potrace-1.15-1.fc26
Potrace is a utility for tracing a bitmap, which means, transforming a bitmap into a smooth, scalable image. The input is a bitmap (PBM, PGM, PPM, or BMP format), and the default output is an encapsulated PostScript file (EPS). A typical use is to create EPS files from scanned data, such as company ...
CVE-2017-11216
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations...
OpenCV Buffer Overflow Vulnerability (CNVD-2017-24177)
OpenCV is an open source, cross-platform, lightweight computer vision library. A buffer overflow vulnerability exists in the 'cv::BmpDecoder::readData' function in the modules/imgcodecs/src/grfmtbmp.cpp file in OpenCV 3.3 and earlier. An attacker could use this vulnerability to cause a denial of...
Exploit for CVE-2016-0040
CVE-2016-0040 This exploit builds upon SMMRootkit's 32Bit projec...
kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
Incorrect error handling in the set_mempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...
gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file...
UBUNTU-CVE-2017-11528
The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file...
CVE-2017-3100
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure...
Memory Corruption Vulnerability in Eggplant Beauty Photo Processing BMP Format Files
Eggflower Beauty Photo is a photo manipulation program. A memory corruption vulnerability exists in Eggflower Beauty Photo's handling of BMP format files. This allows attackers to cause the program to crash by constructing malformed BMP images...