
2680 matches found

Prion
added 2013/09/16 7:14 p.m., 14 views

Code injection

econvert in ExactImage 0.8.9 and earlier does not properly initialize the setjmp variable, which allows context-dependent users to cause a denial of service (crash) via a crafted image file...

CVSS 4.3, AI score 6.6, EPSS 0.01261
Exploits 0, References 3, Affected Software 1

UbuntuCve
added 2013/09/16 7:14 p.m., 21 views

CVE-2013-1441

econvert in ExactImage 0.8.9 and earlier does not properly initialize the setjmp variable, which allows context-dependent users to cause a denial of service (crash) via a crafted image file...

CVSS 4.3, AI score 5.9, EPSS 0.01261
Exploits 0, References 1

Debian CVE
added 2013/09/16 7:0 p.m., 15 views

CVE-2013-1441

econvert in ExactImage 0.8.9 and earlier does not properly initialize the setjmp variable, which allows context-dependent users to cause a denial of service (crash) via a crafted image file...

CVSS 4.3, AI score 6, EPSS 0.01261
Exploits 0

OpenVAS
added 2013/09/12 12:0 a.m., 35 views

Fedora Update for libtiff FEDORA-2013-15679

Check for the Version of libtiff OpenVAS Vulnerability Test Fedora Update for libtiff FEDORA-2013-15679 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 6.8, AI score 8.4, EPSS 0.0746
Exploits 0, References 2

Cvelist
added 2013/09/05 10:0 a.m., 31 views

CVE-2013-2583

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested...

AI score 5.8, EPSS 0.00942
Exploits 0, References 1

Tenable Nessus
added 2013/09/04 12:0 a.m., 29 views

Amazon Linux AMI : libexif (ALAS-2012-126)

Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user runnin...

CVSS 7.5, AI score 5.8, EPSS 0.07557
Exploits 0, References 8

Tenable Nessus
added 2013/09/04 12:0 a.m., 24 views

Amazon Linux AMI : openjpeg (ALAS-2012-111)

An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially crafted image file that, when decoded using an application linked against OpenJPEG, would cause th...

CVSS 10, AI score 8.6, EPSS 0.07695
Exploits 0, References 3

Tenable Nessus
added 2013/09/04 12:0 a.m., 46 views

Amazon Linux AMI : php (ALAS-2012-37)

It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by...

CVSS 6.4, AI score 7.9, EPSS 0.83911
Exploits 17, References 3

OpenVAS
added 2013/08/27 12:0 a.m., 36 views

Debian Security Advisory DSA 2744-1 (tiff - several vulnerabilities)

Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2744.nasl 6611 2017-07-07 12:07:20Z cfischer ...

CVSS 6.8, AI score 0.1, EPSS 0.0746
Exploits 0, References 1

OpenVAS
added 2013/08/20 12:0 a.m., 29 views

Fedora Update for libtiff FEDORA-2013-14707

Check for the Version of libtiff OpenVAS Vulnerability Test Fedora Update for libtiff FEDORA-2013-14707 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 6.8, AI score 8.4, EPSS 0.0746
Exploits 0, References 2

Prion
added 2013/08/14 3:55 p.m., 16 views

Double free

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file...

CVSS 7.5, AI score 8.2, EPSS 0.04412
Exploits 1, References 12, Affected Software 3

Cvelist
added 2013/08/14 3:0 p.m., 38 views

CVE-2013-2126

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file...

AI score 8.2, EPSS 0.04412
Exploits 1, References 12

Debian CVE
added 2013/08/14 3:0 p.m., 24 views

CVE-2013-2126

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file...

CVSS 7.5, AI score 8.1, EPSS 0.04412
Exploits 1

Tenable Nessus
added 2013/07/10 12:0 a.m., 35 views

MS13-056: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)

The remote Windows host is potentially affected by a vulnerability that could allow remote code execution if a user opens a malicious image file. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the local user. (C) Tenable Network Security, Inc...

CVSS 9.3, AI score 6.3, EPSS 0.31979
Exploits 5, References 3

seebug.org
added 2013/07/10 12:0 a.m., 35 views

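Microsoft DirectShow Remote Code Execution Vulnerability (CVE-2013-3174)

BUGTRAQ ID: 60979 CVE(CAN) ID: CVE-2013-3174 DirectShow is a new-generation streaming media development kit based on COM (Component Object Model), introduced by Microsoft on the foundation of ActiveMovie and Video for Windows and released together with the DirectX development kit. A remote code execution vulnerability exists in the way Microsoft DirectShow parses GIF image files. If a user opens a specially crafted GIF...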

CVSS 9.3, AI score 6.8, EPSS 0.31979
Exploits 5

Prion
added 2013/07/03 6:55 p.m., 15 views

Stack overflow

Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file...

CVSS 9.3, AI score 7.3, EPSS 0.05934
Exploits 0, References 12, Affected Software 1

OSV
added 2013/07/03 6:55 p.m., 4 views

CVE-2013-1961

Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file...

AI score 6.5
Exploits 0, References 12

Cvelist
added 2013/07/03 6:0 p.m., 20 views

CVE-2013-1960

Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file...

AI score 8.8, EPSS 0.11866
Exploits 0, References 12

CVE
added 2013/07/03 6:0 p.m., 96 views

CVE-2013-1960

CVE-2013-1960: A heap-based buffer overflow in libtiff’s tiff2pdf component (t2p_process_jpeg_strip) can crash or allow possible code execution via a crafted TIFF image. Affected: libtiff/tiff2pdf. Impact: denial of service and potential RCE as described in multiple advisories. Remediation: upgra...

CVSS 9.3, AI score 8.8, EPSS 0.11866
Exploits 0, References 12, Affected Software 1

Debian CVE
added 2013/07/03 6:0 p.m., 31 views

CVE-2013-1960

Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file...

CVSS 9.3, AI score 7.5, EPSS 0.11866
Exploits 0