PT-2017-4104 · Imagemagick +4 · Imagemagick +4

Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.6-6 Description: A memory exhaustion issue was found in the ReadTIFFImage function, allowing attackers to cause a denial of service. The vulnerability is related to an error in the resource control mechanism, which can...

UBUNTU-CVE-2017-12640

ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c...

UBUNTU-CVE-2017-12563

In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service...

DEBIAN-CVE-2017-12451

The bfdxcoffreadarhdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file...

JKS Private Key Cracker - Cracking passwords of private key entries in a JKS file

The Java Key Store JKS is the Java way of storing one or several cryptographic private and public keys for asymmetric cryptography in a file. While there are various key store formats, Java and Android still default to the JKS file format. JKS is one of the file formats for Java key stores, but J...

XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-19922)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...

XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-14633)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...

IrfanView FPX plugin buffer overflow vulnerability (CNVD-2017-15697)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. FPX Plugin is one of the programmable interface extensions. A buffer overflow vulnerability exists in IrfanView...

CVE-2017-9894

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000029272."...

CVE-2017-9875

IrfanView version 4.44 32bit with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!DEDecode+0x0000000000000cdb."...

CVE-2017-9878

IrfanView version 4.44 32bit with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at FPX!FPXGetScanDevicePropertyGroup+0x000000000000c99a."...

CVE-2017-10924

IrfanView 4.44 32bit with FPX Plugin 4.47 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!FPXGetScanDevicePropertyGroup+0x000000000000a529."...

CVE-2017-9894

CVE-2017-9894 affects XnView Classic for Windows v2.40. The vulnerability arises when processing crafted FPX files, enabling remote code execution due to a fault described as a User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000029272. NVD metrics indicate a high-severity impact (CV...

Silicon Graphics LibTIFF 'libtiff/tif_dirread.c' Denial of Service Vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A security vulnerability exists in Silicon Graphics LibTIFF version 4.0.7, which stems from...

[SECURITY] [DLA 985-1] libsndfile security update

Package : libsndfile Version : 1.0.25-9.1+deb7u3 CVE ID : CVE-2017-6892 Debian Bug : 864704 It was discovered that there was a vulnerability in libsndfile, a library for reading/writing audio files. A specially-crafted AIFF "Audio Interchange File Format" file could result in an out-of-bounds...

UBUNTU-CVE-2017-6892

In libsndfile version 1.0.28, an error in the "aiffreadchanmap" function aiff.c can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file...

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

UBUNTU-CVE-2017-9147

LibTIFF 4.0.7 has an invalid read in the TIFFVGetField function in tifdir.c, which might allow remote attackers to cause a denial of service crash via a crafted TIFF file...

Larson VizEx Reader Buffer Overflow Vulnerability

Larson VizEx Reader is an application that allows you to exchange graphs, charts, and technical illustrations with coworkers, customers, partners, suppliers, and technicians. A buffer overflow vulnerability exists in Larson VizEx Reader version 9.7.5. An attacker can exploit this vulnerability to...

MsMpEng: UIF decoder will spin forever processing sparse blocks

The UIF Universal Image Format is a proprietary file format used by the old shareware utility MagicISO. Microsoft have a dedicated unpacker for UIF that runs as SYSTEM on all filesystem activity !?!. The UIF format has an index structure at a fixed offset from the end of the file, with a pointer ...