fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing

A flaw was found in FontForge. This heap-based buffer overflow vulnerability occurs during the parsing of pixels within BMP Bitmap files, due to insufficient validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a malicious BMP file or...

EUVD-2018-9763

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-32468

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted...

UBUNTU-CVE-2025-46407

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the...

CVE-2021-29365

Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCropW component. This can cause a denial of service DOS...

CVE-2023-51569

Kofax Power PDF BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...

OESA-2022-1592 SDL2 security update

Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Security Fixes: There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious...

CVE-2021-34903

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

PT-2021-3608 · Sdl +5 · Sdl +5

Name of the Vulnerable Software and Affected Versions: SDL Simple DirectMedia Layer versions 2.0.12 and earlier Description: The issue is related to an integer overflow in the SDL BlitCopy function in the video/SDL blit copy.c component of the Simple DirectMedia Layer library. This can lead to SD...

openjpeg2: Excessive iteration in openjp2/t1.c:opj_t1_encode_cblks can allow for denial of service via crafted BMP file

In OpenJPEG 2.3.0, there is excessive iteration in the opjt1encodecblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file...

UBUNTU-CVE-2018-18024

In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file...

ImageMagick Denial of Service Vulnerability (CNVD-2017-07618)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A denial of service vulnerability exists in the 'ReadBMPImage' function of the bmp.c file in ImageMagick version...

The vulnerability of the LibTIFF library, which allows a hacker to cause an unexpected termination of the application

The vulnerability of the tifpackbits.c function in the LibTIFF library arises from an overflow in the buffer in the dynamic memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause an unexpected termination of the application by using a specially created BMP...

CVE-2011-3343

Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service daemon crash or possibly gain privileges via 1 a crafted BMP file with RLE compression or 2 crafted dimensions in a BMP file...

BMP image parser vulnerability

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

DEBIAN-CVE-2007-2459

Heap-based buffer overflow in the BMP reader bmp.c in Imager perl module libimager-perl 0.45 through 0.56 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files...

DSA-464 gdk-pixbuf - broken image handling

Bulletin has no description...

Important: Red Hat Security Advisory: gdk-pixbuf security update

Updated gdk-pixbuf packages that fix a crash are now available. The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. Thomas Kristensen discovered a bitmap file that would cause versions of gdk-pixbuf prior to 0.20 to crash. To exploit this flaw, an...