ALPINE-CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

Denial Of Service (DoS)

imagemagick is vulnerable to denial of service. The vulnerability exists due to a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick...

Apple tvOS 缓冲区错误漏洞

Apple tvOS is an operating system for Smart TVs from Apple, Inc. tvOS suffers from a buffer error vulnerability that stems from a boundary error when processing image files in ImageIO. A remote attacker could use this vulnerability to create a specially crafted image file, trick the victim into...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Exiv2 vulnerabilities (USN-4964-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4964-1 advisory. It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of...

Denial Of Service (DoS)

Exiv2 is vulnerable to denial of service. An out-of-bounds read occurs when writing metadata into a malicious image file. An attacker is able to cause a denial of service by tricking the victim into running Exiv2 on a malicious image file...

CVE-2021-32617

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm quadratic complexity was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata int...

FreeBSD : ImageMagick7 -- multiple vulnerabilities (a7c60af1-b3f1-11eb-a5f7-a0f3c100ae18)

CVE reports : Several vulnerabilities have been discovered in ImageMagick : - CVE-2021-20313: A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. - CVE-2021-20312: A flaw was found in ImageMagick in...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Exiv2 vulnerabilities (USN-4941-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4941-1 advisory. It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary...

CVE-2021-20309

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to...

Integer overflow

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this...

Design/Logic Flaw

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to...

Design/Logic Flaw

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from thi...

Design/Logic Flaw

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from...

CVE-2021-20311

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from...

CVE-2021-20311

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from...

CVE-2021-20312

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this...

UBUNTU-CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

Cross site request forgery (csrf)

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result,...

CVE-2021-29464

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An...

Out-of-bounds

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...