
2680 matches found

Tenable Nessus
added 2016/11/08 12:0 a.m. | 60 views

MS16-130: Security Update for Microsoft Windows (3199172)

The remote Windows host is missing a security update or security rollup. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability exists in the Windows image file handling functionality due to improper handling of image files. An unauthenticated, remot...

CVSS 9.3 | AI score 8.3 | EPSS 0.69829
Exploits 0 | References 4

CNVD
added 2016/11/07 12:0 a.m. | 1 view

Pillow Arbitrary Code Execution Vulnerability

Pillow is a compiled version of PIL Python Image Processing Library with some bug fixes developed by American software developer Alex Clark. An arbitrary code execution vulnerability exists in versions of Pillow prior to 3.3.2. A context-sensitive attacker could exploit this vulnerability by usin...

CVSS 7.8 | AI score 9.7 | EPSS 0.02026
Exploits 0 | References 1

OSV
added 2016/11/04 10:59 a.m. | 8 views

CVE-2016-9190

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component...

CVSS 7.8 | AI score 7.9
Exploits 0 | References 6

OSV
added 2016/11/04 10:59 a.m. | 8 views

CVE-2016-9189

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component...

CVSS 5.5 | AI score 5.7
Exploits 0 | References 6

NVD
added 2016/11/04 10:59 a.m. | 16 views

CVE-2016-9189

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component...

CVSS 5.5 | AI score 5.7 | EPSS 0.01861
Exploits 0 | References 6

Prion
added 2016/11/04 10:59 a.m. | 14 views

Code injection

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component...

CVSS 6.8 | AI score 7.8 | EPSS 0.02026
Exploits 0 | References 6 | Affected Software 2

Prion
added 2016/11/04 10:59 a.m. | 24 views

Integer overflow

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component...

CVSS 4.3 | AI score 6.3 | EPSS 0.01861
Exploits 0 | References 6 | Affected Software 2

OSV
added 2016/11/04 10:59 a.m. | 3 views

PYSEC-2016-9

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component...

CVSS 7.8 | AI score 7.4 | EPSS 0.02026
Exploits 0 | References 7

OSV
added 2016/11/04 10:59 a.m. | 0 views

PYSEC-2016-8

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component...

CVSS 5.5 | AI score 7.1 | EPSS 0.01861
Exploits 0 | References 7

OSV
added 2016/11/04 10:18 a.m. | 8 views

SUSE-SU-2016:2724-1 Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumption, or potentially have unspecified further impact. - CVE-2016-8684: Mismatch between real filesi...

CVSS 9.8 | AI score 7.6 | EPSS 0.04845
Exploits 3 | References 51

Cvelist
added 2016/11/04 10:0 a.m. | 21 views

CVE-2016-9190

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component...

AI score 8 | EPSS 0.02026
Exploits 0 | References 6

CVE
added 2016/11/04 10:0 a.m. | 141 views

CVE-2016-9189

CVE-2016-9189 concerns Pillow (Python Imaging Library fork). Affected: Pillow versions before 3.3.2. Root cause: integer overflow in Image.core.map_buffer within map.c that can be exploited via crafted image files. Impact: information disclosure (partial confidentiality) per CVSS data; local expl...

CVSS 5.5 | AI score 5.9 | EPSS 0.01861
Exploits 0 | References 6 | Affected Software 1

UbuntuCve
added 2016/11/04 12:0 a.m. | 20 views

CVE-2016-9189

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component...

CVSS 5.5 | AI score 6.8 | EPSS 0.01861
Exploits 0 | References 4

OSV
added 2016/11/04 12:0 a.m. | 0 views

UBUNTU-CVE-2016-9189

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component...

CVSS 5.5 | AI score 6.8 | EPSS 0.01861
Exploits 0 | References 5

OSV
added 2016/11/04 12:0 a.m. | 1 view

UBUNTU-CVE-2016-9190

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component...

CVSS 7.8 | AI score 7.5 | EPSS 0.02026
Exploits 0 | References 5

OSV
added 2016/10/28 12:55 p.m. | 6 views

SUSE-SU-2016:2668-1 Security update for gd

This update for gd fixes the following security issues: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp bsc1001900 - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 -...

CVSS 9.8 | AI score 7.8 | EPSS 0.05143
Exploits 0 | References 7

OSV
added 2016/10/28 12:0 a.m. | 1 view

UBUNTU-CVE-2016-8331

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the applicatio...

CVSS 8.1 | AI score 7.5 | EPSS 0.06593
Exploits 2 | References 5

OSV
added 2016/10/17 12:0 a.m. | 1 view

UBUNTU-CVE-2016-8677

The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure...

CVSS 8.8 | AI score 6.8 | EPSS 0.03711
Exploits 0 | References 4

BDU FSTEC
added 2016/09/19 12:0 a.m. | 3 views

The vulnerabilities in operating systems such as Mac OS X and iOS allow attackers to trigger service failures or execute arbitrary code.

The vulnerability of the ImageIO component in Mac OS X and iOS operating systems arises due to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or cause a service failure (memory corruption) by using a specially created TIFF file...

CVSS 6.8 | AI score 8.8 | EPSS 0.0485
Exploits 1 | References 10 | Affected Software 1

RedhatCVE
added 2016/09/12 3:18 p.m. | 32 views

CVE-2016-7392

Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file...

CVSS 5.5 | AI score 5.7 | EPSS 0.01903
Exploits 0 | References 1