2680 matches found
Exploit for Use After Free in Autodesk 3Ds_Max
CVE-2023-20052, information leak vulnerability...
Fedora: Security Advisory for libheif (FEDORA-2023-440c8694e5)
The remote host is missing an update for the...
Fedora: Security Advisory for libheif (FEDORA-2023-e679ea4fa2)
The remote host is missing an update for the...
Fedora: Security Advisory for libheif (FEDORA-2023-fd63c401df)
The remote host is missing an update for the...
The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component
By Bing Sun · May 03, 2023. Overview: In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...
Updated openimageio packages fix security vulnerability
A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensiti...
PT-2023-35786 · Heif · Heif
Name of the Vulnerable Software and Affected Versions: heif affected versions not specified Description: A heap buffer overflow issue was identified, which can cause a crash. The issue occurs in the RegionItem::parse function, specifically when heif::HeifContext interprets a HEIF file or reads fr...
A use-after-free vulnerability in the PDF-XChange PDF document viewing and editing program allows an attacker to execute arbitrary code.
The PDF document viewing and editing software PDF-XChange contains a use-after-free vulnerability. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted TIFF file...
MGASA-2023-0144 Updated libheif packages fix security vulnerability
Vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. CVE-2023-0996...
CVE-2023-1381 WP Meta SEO < 4.5.5 - Author+ PHAR Deserialization
The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libheif (SUSE-SU-2023:1766-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1766-1 advisory. - There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. ...
[SECURITY] [DLA 3382-1] openimageio security update
Debian LTS Advisory DLA-3382-1 · https://www.debian.org/lts/security/ · Markus Koschany · April 05, 2023 · https://wiki.debian.org/LTS · Package: openimageio · Version: 2.0.5dfsg0-1+deb10u1 · CVE ID: CVE-2022-36354 CVE-2022-41639 CVE-2022-41838 CVE-2022-41977 CVE-2022-41981...
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS) · Exploit Author: Sajibe Kanti · Vendor Name: ActiveITzone · Vendor Homepage: https://activeitzone.com/ · Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 · Version: 6.5.0 · Tested on: Live Centos & Litespeed...
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS) · Date: 19/01/2023 · Exploit Author: Sajibe Kanti · Vendor Name: ActiveITzone · Vendor Homepage: https://activeitzone.com/ · Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 · Version: 6.5.0 · Tested on: Live...
CVE-2023-1776
Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file...
CVE-2023-1776
CVE-2023-1776 affects Mattermost Boards, where an attacker can upload a malicious SVG image file as an attachment to a card and share it via a direct link to the file. The provided documents indicate this is a board-related SVG upload issue but do not specify affected product versions, root cause...
CVE-2022-37358
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
PDF-XChange Editor Buffer Error Vulnerability
Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. PDF-XChange Editor suffers from a buffer error vulnerability that originates from a buffer overflow problem in the parsing of JPG files...
A vulnerability in the commands of the Exiv2 metadata management library, caused by a loop with an unreachable exit condition, allows an attacker to cause a denial of service.
The vulnerability in the commands of the Exiv2 metadata management library is caused by a loop with an unreachable exit condition. Exploiting this vulnerability could allow a malicious actor to cause a denial of service by using a specially crafted image file...