Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE

The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE. Note WPScanTeam: CSRF check and some file validation were added in v5.11, however a blacklist...

CVE-2021-20312

A flaw was found in ImageMagick, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to syst...

CVE-2021-20310

A flaw was found in ImageMagick, where a division by zero ConvertXYZToJzazbz of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to syst...

CVE-2021-3467

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened...

The vulnerability of the image conversion module from TIFF to RGBA format in the LibTIFF library allows a hacker to induce a service failure.

The vulnerability of the TIFF-to-RGBA tiff2rgba conversion module in the LibTIFF library is related to the execution of operations outside of the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by using a specially created TI...

The vulnerability of the tif_getimage.c file in the LibTIFF library allows a hacker to execute arbitrary code.

The vulnerability of the tifgetimage.c file in the LibTIFF library is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created TIFF file...

PT-2021-4624 · Pillow +9 · Pillow +9

Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 8.2.0 Description: The issue is related to the readline implementation in the EPSImageFile component of the Pillow library. It uses a quadratic method to accumulate lines while searching for a line ending, which can b...

Pillow 缓冲区错误漏洞

Pillow is a Python-based image processing library.A buffer overflow vulnerability exists in Pillow Tiff image file processing, which can be exploited by remote attackers to submit special file requests that trick users into parsing, which can crash the application or execute arbitrary code in the...

Libtiff Integer Overflow Vulnerability

Libtiff is a library for reading and writing Tagged Image File Format abbreviated TIFF files. An integer overflow vulnerability exists in tifgetimage.c in libtiff. An attacker can exploit this vulnerability to inject and execute arbitrary code via specially crafted TIFF files...

AZL-6653 CVE-2020-35522 affecting package libtiff for versions less than 4.1.0-3

In LibTIFF, there is a memory malloc failure in tifpixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack...

ALPINE-CVE-2020-35523

An integer overflow flaw was found in libtiff that exists in the tifgetimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

UBUNTU-CVE-2020-35521

A flaw was found in libtiff. Due to a memory allocation failure in tifread.c, a crafted TIFF file can lead to an abort, resulting in denial of service...

SAP 3D Visual Enterprise Viewer 安全漏洞

SAP 3D Visual Enterprise Viewer is a free 3D visualization viewer for Windows. A denial of service vulnerability exists in SAP 3D Visual Enterprise Viewer 9. The vulnerability stems from improper input validation. An attacker could exploit the vulnerability by means of a specially crafted .TIFF...

Silicon Graphics LibTIFF 缓冲区错误漏洞

Libtiff is a library for reading and writing Tagged Image File Format abbreviated TIFF files. A memory allocation failure vulnerability exists in tifread.c in libtiff. An attacker could exploit this vulnerability to cause an abort via a specially crafted TIFF document, which could result in a...

Huawei EulerOS: Security Advisory for netpbm (EulerOS-SA-2021-1500)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Pillow Denial of Service Vulnerability (CNVD-2021-14762)

Python Imaging Library PIL is a free library for the Python programming language that supports opening, manipulating, and saving a wide range of image file formats.Pillow is a PIL branch. A denial of service vulnerability exists in Pillow versions prior to 8.1.1. The vulnerability stems from not...

PT-2021-7754 · Stb +3 · Stb +3

Name of the Vulnerable Software and Affected Versions: stb versions 2.26 Description: The issue is related to a buffer overflow vulnerability in the stbi extend receive function of the stb image.h component in the stb library for C/C++. This vulnerability can be exploited by a remote attacker usi...

CVE-2021-21044

Acrobat Reader DC versions versions 2020.013.20074 and earlier, 2020.001.30018 and earlier and 2017.011.30188 and earlier are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code...

The vulnerability of the Get16m function in the jhead program for working with EXIF files allows a hacker to cause a service failure.

The vulnerability of the Get16m function in the jhead program for working with EXIF files is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially crafted file...

Accusoft ImageGear 缓冲区错误漏洞

Accusoft ImageGear is a multi-platform, multi-language document imaging developer toolkit. An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. An attacker can exploit this vulnerability via specially crafted files to achieve code execution...