
2680 matches found

RedhatCVE
added 2023/08/07 6:19 a.m., 32 views

CVE-2023-29408

A flaw was found in the Golang tiff package, where it is vulnerable to a denial of service caused by not limiting the size of compressed tile data. By persuading a victim to open a specially crafted image file, a remote attacker can cause excessive memory and CPU consumption in decoding, resultin...

6.5 CVSS, 6.2 AI score, 0.0086 EPSS
Exploits 0, References 6
Veracode
added 2023/08/06 2:34 p.m., 38 views

Remote Code Execution (RCE)

gitlab is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the library does not properly validate image files, allowing an attacker to inject and execute malicious command through the file parser...

10 CVSS, 7.7 AI score, 0.99731 EPSS
Exploits 30, References 6, Affected Software 1
Zero Day Initiative
added 2023/08/04 12:00 a.m., 22 views

Apple macOS Hydra Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the Hydr...

3.3 CVSS, 6.2 AI score, 0.00312 EPSS
Exploits 0, References 1
OSV
added 2023/08/01 6:15 p.m., 4 views

CVE-2023-39147

An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file...

7.8 CVSS, 6.2 AI score, 0.01091 EPSS
Exploits 4, References 2
NVD
added 2023/08/01 6:15 p.m., 16 views

CVE-2023-39147

An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file...

7.8 CVSS, 7.8 AI score, 0.01091 EPSS
Exploits 4, References 2
Prion
added 2023/08/01 6:15 p.m., 22 views

Design/Logic Flaw

An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file...

4.4 CVSS, 7.8 AI score, 0.01091 EPSS
Exploits 4, References 2, Affected Software 1
Vulnrichment
added 2023/08/01 12:00 a.m., 12 views

CVE-2023-39147

An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file...

7.7 AI score, 0.01091 EPSS
Exploits 4, References 2
Cvelist
added 2023/08/01 12:00 a.m., 32 views

CVE-2023-39147

An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file...

8 AI score, 0.01091 EPSS
Exploits 4, References 2
OpenVAS
added 2023/08/01 12:00 a.m., 31 views

Debian: Security Advisory (DLA-3513-1)

The remote host is missing an update for the Debian...

6.5 CVSS, 6.6 AI score, 0.01131 EPSS
Exploits 5, References 4
NVD
added 2023/07/17 4:15 p.m., 13 views

CVE-2023-3614

Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file...

4.3 CVSS, 0.00317 EPSS
Exploits 0, References 1
Vulnrichment
added 2023/07/17 3:32 p.m., 13 views

CVE-2023-3614 Denial of Service via specially crafted gif image

Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file...

4.3 CVSS, 6.8 AI score, 0.00317 EPSS
Exploits 0, References 1
Talos Blog
added 2023/07/13 10:45 a.m., 14 views

Malicious campaigns target government, military and civilian entities in Ukraine, Poland

Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are very likely aimed at stealing information and gaining persistent remote access. The activity we...

7.3 AI score
Exploits 0
OSV
added 2023/07/01 11:05 a.m., 2 views

OESA-2023-1385 libtiff security update

This libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. Security Fixes: loadImage in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. (CVE-2023-26965) A NULL pointer dereference in TIFFClose is...

6.5 CVSS, 6.9 AI score, 0.0102 EPSS
Exploits 2, References 3
SUSE CVE
added 2023/07/01 1:27 a.m., 3 views

SUSE CVE-2023-2908

A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...

5.5 CVSS, 6.6 AI score, 0.00509 EPSS
Exploits 1, References 6
OSV
added 2023/06/30 10:15 p.m., 17 views

CVE-2023-2908

A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...

5.5 CVSS, 6.9 AI score, 0.00509 EPSS
Exploits 1, References 7
Cvelist
added 2023/06/30 12:00 a.m., 29 views

CVE-2023-2908 Libtiff: null pointer dereference in tif_dir.c

A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...

5.5 CVSS, 6.1 AI score, 0.00509 EPSS
Exploits 1, References 6
Debian CVE
added 2023/06/30 12:00 a.m., 19 views

CVE-2023-2908

A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial o...

5.5 CVSS, 6.9 AI score, 0.00509 EPSS
Exploits 1
BDU FSTEC
added 2023/06/28 12:00 a.m., 4 views

The vulnerability of the software lies in the ability to increase the effective working time of components and equipment, as well as optimize resource utilization in the SAP 3D Visual Enterprise Viewer. This vulnerability stems from the possibility of writing data beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the software for increasing the effective working time of components and equipment, as well as optimizing resource usage in the SAP 3D Visual Enterprise Viewer, is related to the ability to write data beyond the buffer in memory. Exploiting this vulnerability allows a malicio...

7.8 CVSS, 7.8 AI score, 0.00553 EPSS
Exploits 0, References 2, Affected Software 1
RedHat Linux
added 2023/06/27 3:14 p.m., 40 views

Moderate: Red Hat Security Advisory: libtiff security update

An update for libtiff is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

5.5 CVSS, 6.8 AI score, 0.00461 EPSS
Exploits 1, References 2
CNNVD
added 2023/06/21 12:00 a.m., 1 views

LibTIFF Security Vulnerability

LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains some command line tools for working with TIFF files. A security vulnerability exists in LibTIFF version 4.5.0, which stems from the presence of a buffer overflow...

5.5 CVSS, 7.4 AI score, 0.00318 EPSS
Exploits 1, References 2