877 matches found
Jasper 安全漏洞
Jasper is a flexible and powerful GitHub issue reader from the Jasper open source. A security vulnerability exists in Jasper version 4.2.2, which stems from the presence of an Assertion Failure vulnerability that allows an attacker to cause a denial of service attack via a specific image file...
CVE-2024-25580
The CVE-2024-25580 issue affects Qt, specifically in gui/util/qktxhandler.cpp, with potential buffer overflow leading to application crash when reading crafted KTX images. Affected products/versions include Qt before 5.15.17, Qt 6.x before 6.2.12, Qt 6.3.x–6.5.x before 6.5.5, and Qt 6.6.x before ...
CVE-2024-25580
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file...
The vulnerability of the ImageIO component in operating systems such as iOS, iPadOS, tvOS, watchOS, macOS, and visionOS allows attackers to execute arbitrary code.
The vulnerability of the ImageIO component in iOS, iPadOS, tvOS, watchOS, macOS, and visionOS lies in the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created image file...
SUSE SLED15: avif-tools / gdk-pixbuf-loader-libavif / libavif-devel / libavif13 / etc (SUSE-SU-2024:0423-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0423-1 advisory. - CVE-2023-6704: Fixed use after free by not storing colorproperties until alpha item is found bsc1218303...
Cross site scripting
Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...
FreeBSD : electron27 -- multiple vulnerabilities (d1b20e09-dbdf-432b-83c7-89f0af76324a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d1b20e09-dbdf-432b-83c7-89f0af76324a advisory. - Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to...
The vulnerability of the LZWDecode function in the libtiff/tif_lzw.c component of the LibTIFF library, which allows a hacker to cause a service failure.
The vulnerability of the LZWDecode function in the libtiff/tiflzw.c component of the LibTIFF library is related to reading data beyond the allowable buffer limits. Exploiting this vulnerability could allow a malicious actor to cause service interruptions through a specially created TIF file...
Debian DSA-5579-1 : freeimage - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5579 advisory. Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if...
Use After Free
Chromium is vulnerable to Use After Free. The vulnerability is caused because of a User After Free error in libavif component. A remote attacker can exploit Heap Corruption via a crafted image file...
SUSE CVE-2023-6704
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Chromium security severity: High...
CVE-2023-6704
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Chromium security severity: High...
CVE-2023-6704
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Chromium security severity: High...
Design/Logic Flaw
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Chromium security severity: High...
CVE-2023-6704
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Chromium security severity: High...
CVE-2023-6704
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Chromium security severity: High...
CVE-2023-6704
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Chromium security severity: High...
Debian dla-3662 : libfreeimage-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3662 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3662-1 [email protected]...
The vulnerability of the OpenImageIO image processing library, related to uncontrolled recursion, allows a hacker to cause a service failure.
The vulnerability of the OpenImageIO image processing library is related to uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service interruptions through the use of a specially created image file...
libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service
A vulnerability was found in LibTIFF, where a heap-based buffer overflow in the pal2rgb function in tools/pal2rgb.c can lead to a denial of service, a remote attacker could exploit this flaw by persuading a victim to open a specially crafted file, causing the application to crash...