Heap overflow

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this...

CVE-2019-5125

The CVE-2019-5125 issue affects LEADTOOLS 20 JPEG2000 parsing (j2pc). A specially crafted J2K image can trigger a heap out-of-bounds write in the image allocation/processing path, potentially enabling code execution. Public vulnerability coverage (Talos advisory TALOS-2019-0916) confirms the impa...

CVE-2019-5125

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this...

CVE-2019-5099

An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability...

LEADTOOLS BMP Parsing Remote Code Execution Vulnerability

Summary An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerabilit...

CVE-2019-15140

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c...

Memory corruption vulnerability in XnView ldf files

XnView from France is a great image viewer with image viewer, screen capture, slideshow, thumbnail maker, batch conversion, hexadecimal browsing, drag-and-drop, address book, scanning input, etc. It supports more than 100 image formats, and more than 500 images after installing plug-ins. XnView l...

Microsoft Windows Codecs Library Information Disclosure (CVE-2018-8506)

An information disclosure vulnerability exists in Windows Codecs Library. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted image file. Successful exploitation could result in the...

CVE-2017-17680

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file...

CVE-2018-19107

In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp called from psdimage.cpp in the PSD image reader may suffer from a denial of service heap-based buffer over-read caused by an integer overflow via a crafted PSD image file...

CVE-2018-7730

An integer wraparound, leading to a buffer overflow, was found in Exempi in the way it handles Adobe Photoshop Images. An attacker could exploit this to cause a denial of service via a crafted image file...

[ASA-201910-8] sdl: arbitrary code execution

Arch Linux Security Advisory ASA-201910-8 ========================================= Severity: High Date : 2019-10-11 CVE-ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2019-13616...

PRODSECBUG-2458: Cross-Site Scripting in image file names

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

Denial Of Service (DoS)

pillow is vulnerable to denial of service. An attacker is able to crash the application by submitting an invalid image file, causing the library to allocate large amount of memory to process the malicious image...

Microsoft Windows Silent Process Exit Persistence

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/file' require 'msf/core/exploit/exe' class MetasploitModule 'Windows Silent Process Exit Persistence', 'Description' = %q Windows allows you to se...

PYSEC-2019-40

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image...

CVE-2019-16865

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image...

The vulnerability of the LibTIFF library, related to buffer overflows based on the TIFFSetupStrips mechanism, allows attackers to trigger a service failure.

The vulnerability of the LibTIFF library is related to the buffer overflow caused by the TIFFSetupStrips function. Exploiting this vulnerability allows an attacker to trigger a service failure using a specially created TIFF file...

Windows Silent Process Exit Persistence

Windows allows you to set up a debug process when a process exits. This module uploads a payload and declares that it is the debug process to launch when a specified process exits. This module requires Metasploit: https://metasploit.com/download Current source:...

Memory Corruption Vulnerability in TIFF Image Processing by Good123 Photo King

Good123 Viewer is an image viewing software. A memory corruption vulnerability exists in the handling of TIFF images by Good123 Viewer, which can be exploited by attackers to cause the program to crash by constructing malformed TIFF images...