2680 matches found
Ubuntu 14.04 LTS : OptiPNG vulnerabilities (USN-2951-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2951-1 advisory. Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause...
USN-2951-1: OptiPNG vulnerabilities
Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service. CVE-2015-7801 Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote...
DEBIAN-CVE-2015-1547
The NeXTDecode function in tifnext.c in LibTIFF allows remote attackers to cause a denial of service uninitialized memory access via a crafted TIFF image, as demonstrated by libtiff5.tif...
CVE-2016-3982
Off-by-one error in the bmprle4fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service out-of-bounds read or write access and crash or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow...
Heap overflow
Heap-based buffer overflow in the bmpreadrows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service out-of-bounds read or write access and crash or possibly execute arbitrary code via a crafted image file...
Heap overflow
Off-by-one error in the bmprle4fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service out-of-bounds read or write access and crash or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow...
CVE-2016-3982
OptiPNG contains an off-by-one error in bmp_rle4_fread() in pngxrbmp.c, affecting versions before 0.7.6. This defect can trigger a heap-based buffer overflow, potentially leading to denial of service or arbitrary code execution when processing crafted BMP/png images. Multiple connected sources co...
CVE-2016-3981
Heap-based buffer overflow in the bmpreadrows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service out-of-bounds read or write access and crash or possibly execute arbitrary code via a crafted image file...
CVE-2016-3982
Off-by-one error in the bmprle4fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service out-of-bounds read or write access and crash or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow...
CVE-2016-2116
Memory leak in the jasiccprofcreatefrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service memory consumption via a crafted ICC color profile in a JPEG 2000 image file...
Double free
Double free vulnerability in the jasiccattrvaldestroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137...
CVE-2016-1577
Summary: CVE-2016-1577 is a double‑free vulnerability in JasPer’s jas_iccattrval_destroy function, affecting JasPer 1.900.1 and earlier. A crafted ICC color profile within a JPEG 2000 image can cause a crash or, potentially, arbitrary code execution. Impact (per sources): denial of service with c...
CVE-2016-1577
Double free vulnerability in the jasiccattrvaldestroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137...
Silicon Graphics LibTiff Denial of Service Vulnerability (CNVD-2016-02175)
Silicon Graphics LibTiff is the United States Silicon Graphics, Inc. of a read and write TIFF Tagged Image File Format file library. Silicon Graphics LibTiff 4.0.6 and earlier versions of the TIFFVGetField function in the tifdirinfo.c file has a security vulnerability that can be exploited by an...
CVE-2016-1577
Double free vulnerability in the jasiccattrvaldestroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137...
GpicView 0.2.5 - Crash (PoC)
!/usr/bin/python Exploit Title: GpicView Buffer Overflow DOS Date: 25th February 2016 Exploit Author: David Silveiro Xino.co.uk Vendor Homepage: lxde.sourceforge.net/gpicview/ Software Link: https://sourceforge.net/projects/lxde/files/GPicView%20%28image%20Viewer%29/0.2.x/ Version: 0.2.5 Tested o...
GTK+ Integer Overflow Vulnerability
GTK+ is a multi-platform toolkit for creating graphical user interfaces. An integer overflow vulnerability exists in versions of GTK+ prior to 3.9.8, which allows remote attackers to cause a denial of service via a large image file triggering a large memory allocation...
Integer overflow
Integer overflow in the gdkcairosetsourcepixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service crash via a large image file, which triggers a large...
CVE-2013-7447
Integer overflow in the gdkcairosetsourcepixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service crash via a large image file, which triggers a large...
CVE-2013-7447
Integer overflow in the gdkcairosetsourcepixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service crash via a large image file, which triggers a large...