Accusoft ImageGear GEM Raster Code Execution Vulnerability
Summary: An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to th...
[SECURITY] Fedora 31 Update: libtiff-4.0.10-7.fc31
The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...
[SECURITY] Fedora 31 Update: python-pillow-6.1.0-4.fc31
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developme...
Adobe Flash Player: Multiple vulnerabilities
Background: The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description: Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact: Please review th...
CVE-2019-5084
An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a TIF ima...
Memory corruption vulnerability in XnView ldf files
XnView, from France, is an image viewer offering image viewing, screen capture, slideshow, thumbnail creation, batch conversion, hexadecimal browsing, drag-and-drop, address book, scanning input, etc. It supports more than 100 image formats, and more than 500 after installing plug-ins. XnView l...
Adobe Media Encoder Out-of-Bounds Read Information Disclosure Vulnerability (CNVD-2019-39589)
Adobe Media Encoder is a video and audio encoding application. An out-of-bounds read information disclosure vulnerability exists in the parsing of MOV files in versions prior to Adobe Media Encoder 13.1.5. The vulnerability stems from a lack of proper validation of user-supplied data. An attacker...
UBUNTU-CVE-2019-18218
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write)...
Hackers Turn to OpenDocument Format to Avoid AV Detection
Attackers have a new obfuscation technique that uses the OpenDocument file format for sneaking payloads past antivirus software. Past macro-based attacks have relied on malware hitching a ride with .docx, .zip, .jar and many other file formats. But researchers at Cisco Talos said that because the...
Memory Corruption Vulnerability in TIFF Image Processing by Good123 Photo King
Good123 Viewer is an image viewing software. A memory corruption vulnerability exists in the handling of TIFF images by Good123 Viewer, which can be exploited by attackers to cause the program to crash by constructing malformed TIFF images...
Tachyon - Fast HTTP Dead File Finder
Tachyon is a fast web application security reconnaissance tool. It is specifically meant to crawl web applications and look for leftover or non-indexed files, in addition to reporting pages or scripts that leak internal data. User Requirements: Linux, Python 3.5.2. User Installation: Install: $...
CVE-2019-14916
An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload...
Unrestricted file upload
An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload...
CVE-2019-14916
CVE-2019-14916 affects PRiSE adAS 1.7.0. The issue is a failure to properly validate a file's format, enabling an unrestricted file upload. The underlying cause is inadequate input/format checks during upload, leading to the potential to place arbitrary files on the server and perform abuse as descri...
Binary Vulnerability in Exif Pilot
Exif Pilot is a free EXIF editor from Two Pilots. A binary vulnerability exists in Exif Pilot's handling of the TIFF format, which can be exploited by an attacker to cause the program to crash by constructing a malformed TIFF-formatted image...
libmysofa Out-of-Bounds Read Vulnerability
libmysofa is a library for reading AES SOFA files. An out-of-bounds read vulnerability exists in directblockRead in hdf/fractalhead.c in libmysofa 0.7. No details of the vulnerability are provided at this time...
Binary Vulnerability in Flying Pigeon Network Printing Component (CNVD-2019-33149)
Flying Pigeon is LAN instant messaging software for enterprises, schools and families, providing high-speed transmission of messages and files within the LAN and printing over the Flying Pigeon network. A binary vulnerability exists in the Flying Pigeon Network Printing component, which can be exploited ...
sox security update
CentOS Errata and Security Advisory CESA-2019:2283. An update for sox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...
Binary Vulnerability in Windshade Viewer FyPicEditor.exe Handling TIFs
Wind Shadow Picture Viewer is a computer client picture viewing software, small and lightweight, simple interface, comprehensive features, compatible with hundreds of image formats, including commonly used JPG, BMP, PNG and other conventional image formats and PDS and other professional image...