1598 matches found

CNNVD
added 2021/03/09 12:0 a.m. · 1 views

Silicon Graphics LibTIFF Buffer Error Vulnerability

Libtiff is a library for reading and writing Tagged Image File Format (abbreviated TIFF) files. A memory allocation failure vulnerability exists in tifread.c in libtiff. An attacker could exploit this vulnerability to cause an abort via a specially crafted TIFF document, which could result in a...

CVSS 5.5 · AI score 5.7 · EPSS 0.00073
Exploits 0 · References 17
CNNVD
added 2021/03/09 12:0 a.m. · 1 views

SAP 3D Visual Enterprise Viewer Security Vulnerability

SAP 3D Visual Enterprise Viewer is a free 3D visualization viewer for Windows. A denial of service vulnerability exists in SAP 3D Visual Enterprise Viewer 9. The vulnerability stems from improper input validation. An attacker could exploit the vulnerability by means of a specially crafted .TIFF...

CVSS 7.8 · AI score 5.6 · EPSS 0.00226
Exploits 0 · References 5
CNNVD
added 2021/03/09 12:0 a.m. · 2 views

SAP 3D Visual Enterprise Viewer Security Vulnerability

SAP 3D Visual Enterprise Viewer is a free 3D visualization viewer for Windows. A denial of service vulnerability exists in SAP 3D Visual Enterprise Viewer 9. The vulnerability stems from improper input validation. An attacker could exploit the vulnerability by means of a specially crafted .IFF...

CVSS 7.8 · AI score 5.6 · EPSS 0.00226
Exploits 0 · References 5
CNNVD
added 2021/02/09 12:0 a.m. · 6 views

Accusoft ImageGear Buffer Error Vulnerability

Accusoft ImageGear is a multi-platform, multi-language document imaging developer toolkit. An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. An attacker can exploit this vulnerability via specially crafted files to achieve code execution...

CVSS 9.8 · AI score 7.4 · EPSS 0.00706
Exploits 1 · References 2
Talos
added 2021/02/05 12:0 a.m. · 116 views

Accusoft ImageGear GIF LZW decoder heap overflow vulnerability

Summary: A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this...

CVSS 9.8 · AI score 9.1 · EPSS 0.01182
Exploits 1
Microsoft CVE
added 2021/01/28 12:0 a.m. · 3 views

In libsndfile version 1.0.28 an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.

...

CVSS 8.8 · AI score 7 · EPSS 0.00964
Exploits 1
Fedora
added 2021/01/24 1:23 a.m. · 127 views

[SECURITY] Fedora 32 Update: python-pillow-7.0.0-5.fc32

Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel developme...

CVSS 8.8 · AI score 1.4 · EPSS 0.00293
Exploits 0
Fedora
added 2021/01/21 1:47 a.m. · 64 views

[SECURITY] Fedora 33 Update: python-pillow-7.2.0-3.fc33

Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel developme...

CVSS 8.8 · AI score 1.4 · EPSS 0.00293
Exploits 0
Positive Technologies
added 2021/01/20 12:0 a.m. · 2 views

PT-2021-2723 · Microsoft · Office +4

Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified); Microsoft Office (affected versions not specified); Microsoft Office Web Apps Server (affected versions not specified); Microsoft 365 Apps for Enterprise (affected versions not specified); Microsoft Offi...

CVSS 7.8 · AI score 7.8 · EPSS 0.15526
Exploits 0 · References 5
OSV
added 2021/01/18 8:15 a.m. · 1 views

CVE-2021-25176

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack Crash, Exit, or Restart...

CVSS 7.8 · AI score 5.8 · EPSS 0.00361
Exploits 0 · References 5
Fedora
added 2021/01/15 1:26 a.m. · 53 views

[SECURITY] Fedora 33 Update: dia-0.97.3-16.fc33

The Dia drawing program can be used to draw different types of diagrams, and includes support for UML static structure diagrams (class diagrams), entity relationship modeling, and network diagrams. Dia can load and save diagrams to a custom file format, can load and save in .xml format, and can...

CVSS 5.5 · AI score 1.2 · EPSS 0.00142
Exploits 0
OSV
added 2021/01/12 3:15 p.m. · 0 views

CVE-2021-21459

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

CVSS 8.8 · AI score 6.1 · EPSS 0.00479
Exploits 0 · References 2
OSV
added 2021/01/12 3:15 p.m. · 2 views

CVE-2021-21458

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

CVSS 8.8 · AI score 6.1
Exploits 0 · References 2
CNNVD
added 2021/01/04 12:0 a.m. · 1 views

GNU Binutils Code Issue Vulnerability

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A null pointer dereference vulnerability exists in bfdpefparsefunctionstubs in bfd/pef.c in versions of GNU Binutils prior to 2.34. An attacker can...

CVSS 5.5 · AI score 6.7 · EPSS 0.00082
Exploits 1 · References 10
CNVD
added 2020/12/28 12:0 a.m. · 1 views

GNU Binutils Heap Buffer Overflow Vulnerability (CNVD-2021-01283)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A heap buffer overflow vulnerability exists in bfdgetlsigned32 in libbfd.c in the Binary File Descriptor (BFD) library used in GNU Binutils 2.35.1. T...

CVSS 4.3 · AI score 8.9 · EPSS 0.00327
Exploits 1 · References 1
CNNVD
added 2020/12/22 12:0 a.m. · 2 views

Evangelion1204 Multi-ini Resource Management Error Vulnerability

Evangelion1204 Multi-ini is a JavaScript-based code base for parsing INI configuration files, written by the individual developer Evangelion1204. The code base supports compatibility with the Zend file format. A security vulnerability exists in versions of multi-ini prior to 2.1.1, which ste...

CVSS 9.8 · AI score 7.4 · EPSS 0.00368
Exploits 1 · References 3
CNVD
added 2020/12/15 12:0 a.m. · 26 views

Industrial Light and Magic Academy Software Foundation OpenEXR code issue vulnerability

Industrial Light and Magic Academy Software Foundation OpenEXR is an image file format from Industrial Light and Magic for High Dynamic Range (HDR) images. A code issue vulnerability exists in Industrial Light and Magic Academy Software Foundation OpenEXR, which stems from a null pointer compliance...

CVSS 5.5 · AI score 1.4 · EPSS 0.00288
Exploits 1 · References 1
CNVD
added 2020/12/15 12:0 a.m. · 33 views

Industrial Light And Magic Academy Software Foundation OpenEXR Buffer Overflow Vulnerability (CNVD-2022-19857)

Industrial Light And Magic Academy Software Foundation OpenEXR is an image file format for high dynamic range (HDR) images. A buffer overflow vulnerability exists in Industrial Light And Magic Academy Software Foundation OpenEXR, which can be exploited by remote attackers to submit special file...

CVSS 5.5 · AI score 3.4 · EPSS 0.00546
Exploits 1 · References 1
Prion
added 2020/12/12 12:15 a.m. · 28 views

Format string

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

CVSS 5 · AI score 6.9 · EPSS 0.06548
Exploits 1 · References 4 · Affected Software 3
Prion
added 2020/12/09 5:15 p.m. · 17 views

Unrestricted file upload

Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file including script files without proper file format validation, leading to Unrestricted File Upload...

CVSS 4 · AI score 6.5 · EPSS 0.00448
Exploits 0 · References 2 · Affected Software 1