4670 matches found
LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers
Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...
open62541:fuzz_json_decode: Heap-use-after-free in LocalizedText_clear
Project: https://github.com/open62541/open62541.git Detailed Report: https://oss-fuzz.com/testcase?key=5733705184444416 Project: open62541 Fuzzing Engine: libFuzzer Fuzz Target: fuzzjsondecode Job Type: libfuzzerasanopen62541 Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address...
CVE-2020-5310
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...
CVE-2020-5311
An out-of-bounds write flaw was discovered in python-pillow in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system...
Arbitrary Code Execution
pillow is vulnerable to integer overflow. A TIFF decoding integer overflow in libImaging/TiffDecode.c can potentially allow an attacker to execute arbitrary code using a malicious tif image...
Denial Of Service (DoS)
pillow is vulnerable to denial of service DoS. The vulnerability exists as there was a lack of sanity check on xsize when decoding Pcx images with the P mode...
CVE-2018-14550
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function gettoken in pnm2png.c in pnm2png...
CVE-2020-5310
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...
UBUNTU-CVE-2020-5313
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow...
Integer overflow
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...
PYSEC-2020-81
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...
CVE-2020-5310
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...
UBUNTU-CVE-2020-5312
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow...
CVE-2020-5310
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...
CVE-2020-5310
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...
PT-2020-5161 · Pillow +1 · Pillow +1
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 6.2.2 Description: The issue is related to a TIFF decoding integer overflow in the libImaging/TiffDecode.c file of the Pillow library. This overflow is connected to the realloc function. The exploitation of this issue...
PT-2020-5162 · Python Imaging Library +3 · Pillow +3
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 6.2.2 Description: The issue is related to a buffer overflow in the SGI RLE decoding process. This can potentially allow a remote attacker to cause a denial of service. The estimated number of potentially affected...
CVE-2019-5275
USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability by a malicious certificate ...
CVE-2019-10511
Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098,...
CVE-2019-10485
CVE-2019-10485 involves an infinite loop when decoding compressed data that can cause an overrun condition in various Snapdragon platforms (Auto, Compute, IoT, Mobile, Wearables, etc.). The issue affects a broad set of Qualcomm/Snapdragon components and is driven by a decoding loop condition, as ...