148 matches found
SUSE-SU-2018:0339-1 Security update for jasper
This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jasrealloc function in base/jasmalloc.c and memresize function in base/jasstream.c allow remote attackers to cause a denial of service via a crafted image, which triggers u...
LibTIFF Denial of Service Vulnerability (CNVD-2017-38251)
Libtiff is a library for reading and writing Tagged Image File Format abbreviated TIFF files. A denial of service vulnerability exists in tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9. A remote attacker could cause a denial of service TIFFSetupStrips heap buffer overflow and application crash by...
XnView Classic for Windows Arbitrary Code Execution Vulnerability (CNVD-2017-32593)
XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A security vulnerability exists in version 2.40 of XnView Classic for Windows...
CVE-2017-14290
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...
ImageMagick Denial of Service Vulnerability (CNVD-2017-25056)
ImageMagick is the United States ImageMagick Studio company's set of open source image processing software. A denial-of-service vulnerability exists in ImageMagick's handling of PNG files, which allows remote attackers to exploit the vulnerability to construct malicious files and trick users into...
XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-14637)
XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...
CVE-2017-9913
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll77df0000!TpAllocCleanupGroup+0x00000000000003d7."...
GLSA-201706-06 : ImageWorsener: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201706-06 ImageWorsener: Multiple vulnerabilities Multiple vulnerabilities have been discovered in ImageWorsener. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to...
CVE-2015-8898
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted image file...
ALPINE-CVE-2016-5317
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack crash via a crafted TIFF file...
DEBIAN-CVE-2016-9190
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component...
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:2667-1)
This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact. - CVE-2016-8684: Mismatch between real filesize...
optipng -- multiple vulnerabilities
ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service uninitialized memory read via a crafted GIF file. The bmpreadrows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service invalid memory...
LEMON-S PHP Gazou BBS plus Arbitrary File Upload Vulnerability
LEMON-S PHP Gazou BBS plus is a free PHP-based electronic bulletin board system BBS. A security vulnerability exists in LEMON-S PHP Gazou BBS plus 2.35 and earlier versions. The vulnerability can be exploited by remote attackers to upload arbitrary HTML documents using specially crafted image fil...
MGASA-2014-0473 Updated ffmpeg packages fix security vulnerabilities
A heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFmpeg before 1.1.14 can cause a crash, allowing a malicious image file to cause a denial of service CVE-2014-5271. libavcodec/iff.c in FFmpeg before 1.1.14 allows an attacker to have an unspecified impact...
MGASA-2014-0464 Updated ffmpeg packages fix security vulnerabilities
A heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFmpeg before 2.0.6 can cause a crash, allowing a malicious image file to cause a denial of service CVE-2014-5271. libavcodec/iff.c in FFmpeg before 2.0.6 allows an attacker to have an unspecified impact v...
php: heap corruption issue in exif_thumbnail()
A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exifthumbnail function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application...
CVE-2012-0247
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image...
CVE-2010-1526
Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via 1 a crafted TIFF file, related to the gdiploadtiffimage function in tiffcodec.c; 2 a crafted JPEG file, related to the gdiploadjpegimageinternal function in jpegcodec.c; or 3 a crafted B...
CVE-2010-1526
Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via 1 a crafted TIFF file, related to the gdiploadtiffimage function in tiffcodec.c; 2 a crafted JPEG file, related to the gdiploadjpegimageinternal function in jpegcodec.c; or 3 a crafted B...