
2680 matches found

Prion
added 2021/02/08 3:15 p.m. | 11 views

Stack overflow

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...

CVSS 6.8 | AI score 7.8 | EPSS 0.01505
Exploits: 0 | References: 2 | Affected Software: 1
WPVulnDB
added 2021/02/08 12:00 a.m. | 19 views

NextGen Gallery < 3.5.0 - CSRF allows File Upload

It was possible to bypass the "validateajaxrequest" function used to control access to ajax functions by sending a request without a nonce parameter. This could be used to upload arbitrary code to an image file. Although the uploaded file must be a valid image, it is possible to include PHP code ...

CVSS 4.3 | AI score 2.7 | EPSS 0.01375
Exploits: 2 | References: 1 | Affected Software: 1
Tenable Nessus
added 2021/02/04 12:00 a.m. | 23 views

EulerOS 2.0 SP5 : netpbm (EulerOS-SA-2021-1217)

According to the versions of the netpbm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to...

CVSS 5.5 | AI score 5.7 | EPSS 0.01926
Exploits: 1 | References: 3
CNNVD
added 2021/02/02 12:00 a.m. | 3 views

Apple ImageIO Security Vulnerability

Apple ImageIO is an Apple Inc. component necessary for parsing and writing image data in iOS mobile devices. A security vulnerability exists in Apple ImageIO that stems from a boundary error when processing image files within the ImageIO component in macOS. A remote attacker can create a speciall...

CVSS 7.8 | AI score 6.2 | EPSS 0.01043
Exploits: 0 | References: 8
CNNVD
added 2021/02/02 12:00 a.m. | 2 views

Apple macOS Buffer Error Vulnerability

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS that originates from a boundary condition when an image file within the ImageIO component of macOS. A remote attacker could create specially crafted files, trick...

CVSS 7.8 | AI score 7.1 | EPSS 0.01043
Exploits: 0 | References: 8
Tenable Nessus
added 2021/02/01 12:00 a.m. | 19 views

Fedora 33 : netpbm (2021-df9ede6a02)

The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-df9ede6a02 advisory. - The pmmallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service heap-based buffer...

CVSS 5.5 | AI score 6 | EPSS 0.01717
Exploits: 1 | References: 2
OSV
added 2021/01/26 6:15 p.m. | 3 views

CVE-2020-35844

FastStone Image Viewer 7.5 has an out-of-bounds write via a crafted image file at FSViewer.exe+0xbe9c4...

CVSS 7.8 | AI score 7.1 | EPSS 0.00919
Exploits: 1 | References: 2
OSV
added 2021/01/26 6:15 p.m. | 2 views

CVE-2020-35845

FastStone Image Viewer 7.5 has an out-of-bounds write via a crafted image file at FSViewer.exe+0x96cf...

CVSS 7.8 | AI score 7.1 | EPSS 0.00886
Exploits: 1 | References: 2
OSV
added 2021/01/26 6:15 p.m. | 2 views

CVE-2020-35843

FastStone Image Viewer 7.5 has an out-of-bounds write via a crafted image file at FSViewer.exe+0x956e...

CVSS 5.5 | AI score 6.1 | EPSS 0.00749
Exploits: 1 | References: 2
NVD
added 2021/01/26 6:15 p.m. | 10 views

CVE-2020-35843

FastStone Image Viewer 7.5 has an out-of-bounds write via a crafted image file at FSViewer.exe+0x956e...

CVSS 5.5 | AI score 5.7 | EPSS 0.00749
Exploits: 1 | References: 2
NVD
added 2021/01/26 6:15 p.m. | 13 views

CVE-2020-35844

FastStone Image Viewer 7.5 has an out-of-bounds write via a crafted image file at FSViewer.exe+0xbe9c4...

CVSS 7.8 | AI score 7.7 | EPSS 0.00919
Exploits: 1 | References: 2
Prion
added 2021/01/26 6:15 p.m. | 12 views

Out-of-bounds

FastStone Image Viewer 7.5 has an out-of-bounds write via a crafted image file at FSViewer.exe+0x96cf...

CVSS 6.8 | AI score 7.7 | EPSS 0.00886
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2021/01/26 6:15 p.m. | 10 views

Out-of-bounds

FastStone Image Viewer 7.5 has an out-of-bounds write via a crafted image file at FSViewer.exe+0xbe9c4...

CVSS 6.8 | AI score 7.7 | EPSS 0.00919
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2021/01/25 7:07 p.m. | 13 views

CVE-2020-35843

FastStone Image Viewer 7.5 has an out-of-bounds write via a crafted image file at FSViewer.exe+0x956e...

AI score 5.7 | EPSS 0.00749
Exploits: 1 | References: 2
OpenVAS
added 2021/01/13 12:00 a.m. | 27 views

Debian: Security Advisory (DLA-2523-1)

The remote host is missing an update for the Debian...

CVSS 7.8 | AI score 6.2 | EPSS 0.0703
Exploits: 8 | References: 4
OSV
added 2021/01/12 3:15 p.m. | 3 views

CVE-2021-21462

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

CVSS 8.8 | AI score 6.1 | EPSS 0.01199
Exploits: 0 | References: 2
BDU FSTEC
added 2020/12/22 12:00 a.m. | 2 views

The vulnerability of the realloc function in the Pillow image processing library allows a malicious actor to cause a service failure.

The vulnerability of the realloc function in the Pillow image processing library libImaging/TiffDecode.c is due to a numerical overflow during the processing of TIFF images. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS 9.3 | AI score 6.5 | EPSS 0.01975
Exploits: 0 | References: 6 | Affected Software: 3
Exploit DB
added 2020/12/22 12:00 a.m. | 216 views

Victor CMS 1.0 - File Upload To RCE

Exploit Title: Victor CMS 1.0 - File Upload To RCE Date: 20.12.2020 Exploit Author: Mosaaed Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Apache2/Linux Step1: register...

AI score 7.4
Exploits: 0
FreeBSD
added 2020/12/17 12:00 a.m. | 42 views

ImageMagick6 -- multiple vulnerabilities

CVE reports: Several vulnerabilities have been discovered in ImageMagick: CVE-2021-20309: A flaw was found in ImageMagick in versions before 6.9.12, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an...

CVSS 7.8 | AI score 2.4 | EPSS 0.0703
Exploits: 1
Apple
added 2020/12/15 5:56 a.m. | 69 views

About the security content of tvOS 14.2 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVSS 9.3 | AI score 0.8 | EPSS 0.03207
Exploits: 0 | Affected Software: 1