CVE-2022-41981

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger...

Stack overflow

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger...

OpenImageIO 缓冲区错误漏洞

OpenImageIO is an image read/write library, along with a number of tools and applications. An out-of-bounds read vulnerability exists in OpenImageIO. The vulnerability is caused due to an out-of-bounds read vulnerability when processing string fields in TIFF image files. An attacker can exploit...

OpenImageIO DDS scanline parsing code execution vulnerability

Talos Vulnerability Report TALOS-2022-1634 OpenImageIO DDS scanline parsing code execution vulnerability December 22, 2022 CVE Number CVE-2022-41838 SUMMARY A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A...

CVE-2022-41992

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability...

CVE-2022-41992

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability...

CVE-2022-41992

PowerISO 8.3 is affected by CVE-2022-41992 due to a memory corruption in the VHD File Format CXSPARSE record parsing. The vulnerability arises because the Num of blocks value from the CXSPARSE record is not validated, allowing an attacker to control the loop counter and trigger an out-of-bounds w...

CVE-2022-41992

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability...

Memory corruption

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability...

CVE-2022-41278

A vulnerability has been identified in JT2Go All versions V14.1.0.6, Teamcenter Visualization V13.2 All versions V13.2.0.12, Teamcenter Visualization V13.3 All versions V13.3.0.8, Teamcenter Visualization V14.0 All versions V14.0.0.4, Teamcenter Visualization V14.1 All versions V14.1.0.6. The...

Vulnerability Spotlight: Memory corruption vulnerability discovered in PowerISO

Piotr Bania of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a memory corruption vulnerability in PowerISO. TALOS-2022-1644 CVE-2022-41992 is a memory corruption vulnerability that exists in the VHD File Format parsing functionality of PowerISO 8.3. A specially crafte...

USN-5762-1 binutils vulnerability

It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

USN-5705-1: LibTIFF vulnerabilities

Chintan Shah discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted image file and potentially use this issue to allow for information disclosure or to cause the application to crash. CVE-2022-3570 It was...

Accusoft ImageGear 缓冲区错误漏洞

Accusoft ImageGear is a software development kit SDK for image processing from Accusoft Corporation. A buffer error vulnerability exists in Accusoft ImageGear version 20.0 that stems from the presence of an out-of-bounds write. An attacker could exploit the vulnerability to cause memory corruptio...

CVE-2020-12801

A vulnerability was found in LibreOffice which exists due to an error when processing encrypted files in LibreOffice. If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the passwo...

UBUNTU-CVE-2022-3570

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact...

ALPINE-CVE-2022-3598

LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b...

CVE-2022-41195

Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format .iff, 2d.x3d file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-bas...

CVE-2022-41195

Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format .iff, 2d.x3d file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-bas...

Stack overflow

Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format .iff, 2d.x3d file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-bas...