Memory Corruption Vulnerability in Quick Clip's Handling of TGA Format Images

Quick Clip is a video editing tool from 360. FastClip has a memory corruption vulnerability in the handling of TGA format images, which can be exploited by attackers to cause the program to crash by constructing a malformed TGA format file...

Hackers can compromise your network just by sending a Fax

What maximum a remote attacker can do just by having your Fax machine number? Believe it or not, but your fax number is literally enough for a hacker to gain complete control over the printer and possibly infiltrate the rest of the network connected to it. Check Point researchers have revealed...

XnView Denial of Service Vulnerability (CNVD-2019-10272)

XnView is a multi-platform software that supports image viewing, conversion and editing. A denial of service vulnerability exists in XnView 2.45, which can be exploited by remote attackers to cause a denial of service via a specially crafted RLE file...

ALPINE-CVE-2018-14851

exifprocessIFDinMAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG file...

Pillow Integer overflow in Map.c

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.mapbuffer in map.c component...

GHSA-RWR3-C2Q8-GM56 Pillow Integer overflow in Map.c

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.mapbuffer in map.c component...

PT-2018-16254 · Acd Systems · Canvas Draw

Name of the Vulnerable Software and Affected Versions: Canvas Draw version 4.0.0 Description: An out-of-bounds write exists in the TIFF parsing functionality. A specially crafted TIFF image can lead to an out-of-bounds write, overwriting arbitrary data, and potentially allowing an attacker to...

PT-2018-16253 · Acd Systems · Canvas Draw

Name of the Vulnerable Software and Affected Versions: Canvas Draw version 4.0.0 Description: An out-of-bounds write exists in the TIFF parsing functionality. A specially crafted TIFF image can lead to an out-of-bounds write, overwriting arbitrary data, and potentially allowing an attacker to gai...

LibTIFF Buffer Overflow Vulnerability (CNVD-2018-14919)

Libtiff is a library for reading and writing Tagged Image File Format abbreviated TIFF files. A buffer overflow vulnerability exists in TIFFRGBAImageOK in tifgetimage.c in LibTIFF 4.0.9. An attacker can exploit this vulnerability to cause a denial of service via TIFFReadRGBAImage, TIFFRGBAImageOK...

LibTIFF Buffer Overflow Vulnerability (CNVD-2018-14918)

Libtiff is a library for reading and writing Tagged Image File Format abbreviated TIFF files. A buffer overflow vulnerability exists in the unixErrorHandler in tifunix.c in LibTIFF 4.0.9. An attacker can exploit this vulnerability via TIFFClientOpen, TIFFFdOpen, TIFFRawStripSize, TIFFCheckTile,...

LibTIFF Buffer Overflow Vulnerability (CNVD-2018-14917)

Libtiff is a library for reading and writing Tagged Image File Format abbreviated TIFF files. A buffer overflow vulnerability exists in TIFFFindField in tifdirinfo.c in LibTIFF 4.0.9. An attacker can exploit this vulnerability via TIFFVGetField, TIFFVGetFieldDefaulted, TIFFVStripSize,...

Arbitrary code using "crafted image file" approach affecting Pillow

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component...

ImageMagick Denial of Service Vulnerability (CNVD-2018-12762)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A denial of service vulnerability exists in the 'GetImagePixelCache' function of the MagickCore/cache.c file in the...

Unspecified vulnerability in jpeg-compressor

jpeg-compressor is an encoder for generating JPEG format files. A security vulnerability exists in the 'bmpload' function of the stbimage.c file in jpeg-compressor version 0.1. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer overflow and application crash...

Debian DLA-1411-1 : tiff security update

Several issues were discovered in TIFF, the Tag Image File Format library, that allowed remote attackers to cause a denial of service or other unspecified impact via a crafted image file. CVE-2017-11613: DoS vulnerability A crafted input will lead to a denial of service attack. During the TIFFOpe...

[SECURITY] Fedora 28 Update: mingw-libtiff-4.0.9-1.fc28

The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

CVE-2018-11702

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS Access Violation or possibly unspecified other impact...

Denial Of Service (DoS)

libexiv2.so is vulnerable to denial of service DoS attacks. A malicious user can pass an image file to the Exiv2::FileIo::pathabi:cxx11 function in basicio.cpp to cause an illegal address access that can crash the application...

CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

CVE-2018-12109

An issue was discovered in Free Lossless Image Format FLIF 0.3. The TransformPaletteC::process function in transform/paletteC.hpp allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PAM image...