2680 matches found
Mandriva Linux Security Advisory : openjpeg (MDVSA-2012:104)
Multiple vulnerabilities have been discovered and corrected in openjpeg: OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially crafted image file that, when opened in an application linked...
Scientific Linux Security Update : python on SL4.x i386/x86_64
Multiple flaws were found in the Python rgbimg module. If an application written in Python was using the rgbimg module and loaded a specially crafted SGI image file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the applicatio...
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120424)
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird to help prevent potential exploits in malformed OpenType fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute...
Scientific Linux Security Update : libpng on SL5.x, SL4.x i386/x86_64
Several flaws were discovered in the way libpng handled various PNG image chunks. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was manipulated. (CVE-2007-5269)...
CVE-2012-3443
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...
CentOS Update for openoffice.org-base CESA-2012:0705 centos5
Check for the version of openoffice.org-base.
CentOS Update for thunderbird CESA-2012:0516 centos6
Check for the version of thunderbird.
CentOS Update for libtiff CESA-2012:0468 centos6
The remote host is missing an update for the...
CentOS Update for gimp CESA-2011:0838 centos5 x86_64
Check for the version of gimp.
USN-1513-1: libexif vulnerabilities
Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information...
CVE-2012-3361
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image...
Oracle Outside-In - '.FPX' File Parsing Heap Overflow
Application: Oracle Outside-In FPX File Parsing Heap Overflow; Version: The vulnerabilities are reported in versions 8.3.5 and 8.3.7; Exploitation: Remote code execution; Secunia Number: SA49936; PRL: 2012-26; Author: Francis Provencher (Protek Research Lab's); Website: http://www.protekresearchlab.com/...
CVE-2012-3358
Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file...
Mandriva Update for openjpeg MDVSA-2012:104 (openjpeg)
Check for the version of openjpeg.
Design/Logic Flaw
The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file...
GLSA-201206-04 : ArgyllCMS: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-201206-04 (ArgyllCMS: User-assisted execution of arbitrary code). ArgyllCMS does not properly handle ICC profiles, causing a use-after-free vulnerability. Impact: A remote attacker could entice a user to open a specially crafted imag...
RHEL 5 / 6 : openoffice.org (RHSA-2012:0705)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0705 advisory. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application,...
JVN#21422837: Roundcube Webmail vulnerable to cross-site scripting
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's Internet Explorer when viewing a specially crafted image file. Solution: Update the...
ImageMagick: invalid validation of images denial of service
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF...