2481 matches found
Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (2)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=747 The attached PoC crashes 32-bit Windows 7 with special pool enabled on win32k.sys. It might take several runs in order to reproduce. Tested the PoC on a single core VM. Proof of Concept:...
Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (1)
Microsoft Windows 7 - win32k Bitmap Use-After-Free MS16-062 1 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=746 The attached PoC triggers a blue screen on Windows 7 with special pool enabled on win32k.sys . A reference to the bitmap object still exists in the device context...
Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (2)
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=747 The attached PoC crashes 32-bit Windows 7 with special pool enabled on win32k.sys. It might take several runs in order to reproduce. Tested the PoC on a single core VM. Proof o...
Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (1)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=746 The attached PoC triggers a blue screen on Windows 7 with special pool enabled on win32k.sys . A reference to the bitmap object still exists in the device context after it has been deleted. Proof of Concept:...
Adobe Flash - Heap Overflow in ATF Processing Image Reading
Adobe Flash - Heap Overflow in ATF Processing Image Reading Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=789 There is a large heap overflow in reading an ATF image to a Bitmap object. To reproduce the issue, load the attach file '4' using LoadImage.swf as follows:...
Adobe Flash - Heap Overflow in ATF Processing (Image Reading)
Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=789 There is a large heap overflow in reading an ATF image to a Bitmap object. To reproduce the issue, load the attach file '4' using LoadImage.swf as follows: LoadImage.swf?img=4...
DEBIAN-CVE-2015-7552
Heap-based buffer overflow in the gdkpixbufflip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file...
openSUSE Security Update : optipng (openSUSE-2016-469)
optipng was updated to fix one security issue. This security issue was fixed : - CVE-2016-2191: Invalid write while processing bitmap images bsc973992. - CVE-2016-3981: Heap buffer overflow pngxrbmp.c bmpreadrows - CVE-2016-3982: Heap buffer overflow pngxrbmp.c bmprle4fread %NASLMINLEVEL 70300 C...
UBUNTU-CVE-2015-7552
Heap-based buffer overflow in the gdkpixbufflip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file...
MGASA-2016-0135 Updated optipng packages fix security vulnerabilities
An updated optipng package fixes a number of bugs and security vulnerabilities. CVE-2015-7802 - Buffer over-read issue CVE-2016-2191 - An invalid write and segmentation fault may occur while processing bitmap images...
Updated optipng packages fix security vulnerabilities
An updated optipng package fixes a number of bugs and security vulnerabilities. CVE-2015-7802 - Buffer over-read issue CVE-2016-2191 - An invalid write and segmentation fault may occur while processing bitmap images...
DEBIAN-CVE-2016-3982
Off-by-one error in the bmprle4fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service out-of-bounds read or write access and crash or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow...
DEBIAN-CVE-2016-2191
The bmpreadrows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service invalid memory write and crash via a series of delta escapes in a crafted BMP image...
Microsoft Windows Graphics Memory Corruption (MS16-039: CVE-2016-0145)
A vulnerability was found in Microsoft Windows that could potentially lead to remote code execution. The main cause is the lack of validation on glyph bitmap boundary during scaling operation. This vulnerability can be exploited using a malformed font file TTF...
Debian Security Advisory DSA 3547-1 (imagemagick - security update)
Several vulnerabilities were discovered in Imagemagick, a program suite for image manipulation. This update fixes a large number of potential security problems such as null-pointer access and buffer-overflows that might lead to memory leaks or denial of service. None of these security problems ha...
PT-2020-12507 · Freerdp +7 · Freerdp +7
Name of the Vulnerable Software and Affected Versions: FreeRDP versions 1.0 through 2.0.0 Description: The issue is related to an out-of-bound read in the update read bitmap data function, which allows client memory to be read into an image buffer. The result of this action is displayed on the...
Windows bitmap内核释放后重用漏洞(CVE-2016-0094)
No description provided by source...
optipng: arbitrary code execution
An invalid write may occur in optipng before version 0.7.6 while processing bitmap images due to crtrow' being inc|decremented without any boundary checking when encountering delta escapes. This issue can possibly be used to execute arbitrary code...
Microsoft Windows Kernel - Bitmap Use-After-Free
Microsoft Windows Kernel - Bitmap Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=686 The attached Proof-of-Concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggering in multiple different ways two examples attached. Proof of...
Microsoft Windows Kernel - Bitmap Use-After-Free
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=686 The attached Proof-of-Concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggering in multiple different ways two examples attached. Proof of Concept:...