CVE-2024-6822
IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...
IrfanView security vulnerability
IrfanView is an image viewer. It supports image browsing, image editing, image format conversion and so on. IrfanView suffers from a buffer overflow vulnerability that stems from the SID file parsing function containing a stack-based buffer overflow. An attacker can exploit this vulnerability to...
IrfanView buffer error vulnerability
IrfanView is an image viewer by the individual developer Irfan Skiljan. It supports image browsing, image editing, image format conversion and more. IrfanView suffers from a buffer error vulnerability that stems from the CIN file parsing feature containing an out-of-bounds write issue. An attacke...
Tungsten Automation Power PDF buffer error vulnerability
Tungsten Automation Power PDF Kofax Power PDF is a powerful PDF processing software from Tungsten Automation. Tungsten Automation Power PDF suffers from a buffer error vulnerability that stems from the parsing of JPG files containing an out-of-bounds read issue. An attacker exploiting this...
PT-2024-34560 · Unknown · Anuj Kumar's Boat Booking System
Name of the Vulnerable Software and Affected Versions: Anuj Kumar's Boat Booking System version 1.0 Description: The issue allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter in the change-image.php file. This enables attackers to potentially execute...
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection through the SVG parser. An attacker can perform server-side request forgery, disclose internal image files, and execute PHAR deserialization attacks by manipulating XML input. Note: This vulnerability i...
CVE-2024-11049
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...
CVE-2024-11049
CVE-2024-11049 affects ZKTeco ZKBio Time 9.0.1, specifically the Image File Handler component and an unknown function of the file path /auth_files/photo/. The issue allows remote-triggered manipulation of a direct request, with attack complexity rated as HIGH and no required privileges, but no us...
CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...
ZKTeco ZKBio Time security vulnerability
ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time version 9.0.1, which originates from the component Image File Handler where the file /authfiles/photo/ can lead to a direct request...
PT-2024-16723 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio Time version 9.0.1 Description: A vulnerability has been found in the Image File Handler component of ZKTeco ZKBio Time, affecting an unknown function of the file /auth files/photo/. This issue leads to direct request manipulatio...
RLSA-2024:8833 Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: NULL pointer dereference in tifdirinfo.c (CVE-2024-7006). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
[SECURITY] Fedora 40 Update: libtiff-4.6.0-5.fc40.1
The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...
PT-2025-6419 · Nvidia · Nvjpeg2000 Library
Name of the Vulnerable Software and Affected Versions: NVIDIA nvJPEG2000 library affected versions not specified Description: The NVIDIA nvJPEG2000 library contains a vulnerability that allows an attacker to cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A...
CVE-2024-10161
A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate th...
libheif security vulnerability
libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder from struktur open source. A security vulnerability exists in libheif version 1.17.6, which stems from insufficient checks when decoding HEIF files containing forged offsets, which could lead to out-of-bounds reads and write...
PT-2024-39809 · Tungsten Automation · Tungsten Automation Power Pdf
Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required, where the target...
PT-2024-7223 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 GitHub Enterprise Server version 3.14.2 GitHub Enterprise Server version 3.13.5 GitHub Enterprise Server version 3.12.10 GitHub Enterprise Server version 3.11.16 Description: An information...
A vulnerability in the PDF-XChange Editor PDF document viewing and editing software, related to operations outside the bounds of a memory buffer, allows attackers to disclose protected information.
The vulnerability in the PDF-XChange Editor PDF document viewing and editing software lies in the execution of operations outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially crafted TIF file...