148 matches found
USN-4686-1 ghostscript vulnerabilities
It was discovered that Ghostscript incorrectly handled certain image files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary co...
Microsoft Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CNVD-2021-01043)
Microsoft Windows is an operating system for personal devices from Microsoft.DirectX is a multimedia system library. A remote code execution vulnerability exists in the Microsoft Windows Codecs Library. The vulnerability can be exploited to obtain information via specially crafted image files,...
Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws
Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users. To be noted, Microsoft rushed to deliver patches almost two weeks before the upcoming monthly 'Patch Tuesday...
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems.Microsoft Windows Codecs Library is one of the audio and video file codecs...
Denial Of Service(DoS)
The GIMP GNU Image Manipulation Program is vulnerable to Denial Of ServiceDoS. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim...
python-pillow: reading specially crafted image files leads to allocation of large amounts of memory and denial of service
A flaw was discovered in the way the python-pillow may allocate a large amount of memory or require a long time while processing specially crafted image files, possibly causing a denial of service. Applications that use the library to process untrusted files may be vulnerable to this flaw...
EulerOS 2.0 SP2 : exiv2 (EulerOS-SA-2019-2375)
According to the versions of the exiv2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp called from psdimage.cpp in the PSD image reader may suffer from a denial of service heap-bas...
EulerOS 2.0 SP8 : exiv2 (EulerOS-SA-2019-2277)
According to the versions of the exiv2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service heap-based buffer over-read via a...
The vulnerability of the QuantumTransferMode function (coders/tiff.c), a cross-platform library for working with graphics, allows a hacker to trigger a service failure.
The vulnerability of the QuantumTransferMode function coders/tiff.c in the cross-platform library for working with graphics in GraphicsMagick is related to a buffer overflow vulnerability. Exploiting this vulnerability could allow an attacker to cause a service failure using a specially created...
LEAD Technologies LEADTOOLS Numeric Error Vulnerability
LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. A numeric error vulnerability exists in the CMP parsing function in LEAD Technologies LEADTOOLS. The vulnerability can be exploited to execute code via specially crafted CMP image files...
Investintech Able2Extract Professional Memory Corruption Vulnerability (CNVD-2019-40117)
Investintech Able2Extract Professional is a PDF document converter and editor from Investintech Canada. The product supports PDF document scanning, PDF editing and PDF viewing. Investintech Able2Extract Professional suffers from a memory corruption vulnerability that can be exploited by attackers...
Ubuntu: Security Advisory (USN-4143-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS / 18.04 LTS : SDL 2.0 vulnerabilities (USN-4143-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4143-1 advisory. It was discovered that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicio...
USN-4143-1 SDL 2.0 vulnerabilities
It was discovered that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. CVE-2017-2888 It was discovered that SDL 2.0 mishandled crafted image files. If...
CVE-2018-17101
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service application crash or possibly have unspecified other impact via a crafted image file...
CVE-2018-8475
A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Serve...
CVE-2018-16643
The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image...
CVE-2018-7998
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vipsregiongenerate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race conditi...
ActivePDF Toolkit Code Execution
ActivePDF Toolkit 8.1.0 multiple RCE Introduction ============ The ActivePDF Toolkit is a Windows library which enhances business processes to stamp, stitch, merge, form-fill, add digital signatures, barcodes to PDF. Both .NET and native APIs are provided. Amongst many other operations, this...
PYSEC-2018-124
In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from CVE-2017-14864,...