PT-2019-5330 · Exiv2 +7 · Exiv2 +7
Name of the Vulnerable Software and Affected Versions: Exiv2 versions prior to 0.27.2 Description: The issue is related to insufficient input validation in the Exiv2 library for managing media file metadata. An attacker can exploit this by using a specially crafted CRW image file, potentially...
CVE-2019-13112
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file...
CVE-2019-13113
Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...
EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2019-1583)
According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An off-by-one read vulnerability was discovered in ImageMagick in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may...
Ubuntu: Security Advisory (USN-3994-1)
The remote host is missing an update for the...
USN-3994-1: gnome-desktop vulnerability
It was discovered that gnome-desktop incorrectly confined thumbnailers. If a user were tricked into downloading a malicious image file, a remote attacker could possibly combine this issue with another vulnerability to escape the sandbox and execute arbitrary code...
UBUNTU-CVE-2019-12212
When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file...
UBUNTU-CVE-2019-12211
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow...
Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow
Huawei eSpace Meeting Image File Format Handling Buffer Overflow Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop,...
Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow
Huawei eSpace Meeting Image File Format Handling Buffer Overflow Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC Summary: Create more convenient Enhanced...
Updated netpbm packages fix security vulnerability
The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (CVE-2018-8975)...
Remote Code Execution (RCE)
Typo3/Cms is vulnerable to remote code execution. Improper configuration of the applications used for image processing allows an attacker to execute arbitrary code on the server by uploading a malicious image file containing PostScript code...
ImageMagick < 7.0.8-44 Multiple vulnerabilities
The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.8-44. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability exists due to a failure to handle exceptional conditions. An unauthenticated, remote attacker can exploit this by...
CVE-2019-11597
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file...
CVE-2019-11598
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c...
Denial Of Service (DoS)
JasPer is vulnerable to denial of service attacks. A remote attacker could cause denial of service through assertion failure via a crafted image file. Affected by this issue is the function jpc_pi_nextrpcl in jpc_t2cod.c...
Denial Of Service (DoS)
JasPer is vulnerable to denial of service attacks. A remote attacker could cause denial of service through assertion failure via a crafted image file. Affected by this issue is the function ras_getcmap in ras_dec.c...
Denial Of Service (DoS)
JasPer is vulnerable to denial of service (DoS) attacks. A user can exploit a flaw in the jpc_dec_tiledecode function in jpc_dec.c which allows a remote attacker to have unspecified impact via a crafted image file. This leads to a heap-based buffer overflow that may result in an application crash...
Buffer Overflow
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple integer...