2680 matches found
CVE-2024-25580
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file...
CVE-2024-25580
The CVE-2024-25580 issue affects Qt, specifically in gui/util/qktxhandler.cpp, with potential buffer overflow leading to application crash when reading crafted KTX images. Affected products/versions include Qt before 5.15.17, Qt 6.x before 6.2.12, Qt 6.3.x–6.5.x before 6.5.5, and Qt 6.6.x before ...
The vulnerability of the ImageIO component in operating systems such as iOS, iPadOS, tvOS, watchOS, macOS, and visionOS allows attackers to execute arbitrary code.
The vulnerability in the ImageIO component of iOS, iPadOS, tvOS, watchOS, macOS, and visionOS is caused by operations performed outside the bounds of a memory buffer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted image file...
CVE-2021-47114 ocfs2: fix data corruption by fallocate
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with buffer write, at...
CVE-2024-26170 Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
...
Microsoft Windows Composite Image File System security vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in the Microsoft Windows Composite Image File System. The following products and versions are affected: Windows Server 2022, Windows Server 2022 Server Core...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measure, remote code execution, user rights...
PT-2024-2250 · Microsoft · Windows Composite Image File System +1
Name of the Vulnerable Software and Affected Versions: Windows Composite Image File System (CimFS), affected versions not specified. Description: The issue is related to insufficient access restrictions in the Windows Composite Image File System (CimFS) component, which can be exploited to elevate...
BIT-GITLAB-2021-22205
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution...
CVE-2024-1453
In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code...
USN-6644-2 tiff vulnerabilities
USN-6644-1 fixed vulnerabilities in LibTIFF. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly u...
SUSE CVE-2024-25580
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file...
Qt Security Vulnerabilities
Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libavif (SUSE-SU-2024:0423-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0423-1 advisory. - Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to...
The vulnerability of the TIFFOpen() function in the LibTIFF API library, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the TIFFOpen function in the LibTIFF library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
gimp: dds buffer overflow RCE
A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious DDS file, possibly enabling the execution of unauthorized code within the GIMP process...
Cross site scripting
Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary...
PYSEC-2024-126
Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary...
CVE-2023-47115 Label Studio XSS Vulnerability on Avatar Upload
Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary...