SUSE CVE-2018-16554

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAGGPSALT handling...

SUSE CVE-2018-19871

An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption...

SUSE CVE-2019-11459

The tiffdocumentrender and tiffdocumentgetthumbnail functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented, leading to uninitialized memory use when processing certain TIFF image files...

SUSE CVE-2019-12211

When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow...

SUSE CVE-2019-14369

Exiv2::PngImage::readMetadata in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service heap-based buffer over-read via a crafted image file...

SUSE CVE-2020-18773

An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service DOS via a crafted tif file...

SUSE CVE-2020-23109

Buffer overflow vulnerability in function convertcolorspace in heifcolorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file...

SUSE CVE-2021-3802

A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability...

SUSE CVE-2022-0284

A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format TIFF image to convert it into a PICON file format. This issue can potentially lead to a...

SUSE CVE-2022-1622

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tiflzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa...

SUSE CVE-2022-3213

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service...

SUSE CVE-2022-34483

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...

ALPINE-CVE-2023-0801

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tifunix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee12...

DEBIAN-CVE-2023-0797

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tifunix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e...

LibTIFF 缓冲区错误漏洞

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for processing TIFF files. libTIFF suffers from an out-of-bounds read vulnerability, which stems from a boundary error in iffcrop at tools/tiffcrop.c:3488 when...

The vulnerability affects the Windows GDI component of the Microsoft Message Passing System, the Microsoft Office software suite, and the Windows operating system. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability of the Windows GDI component in the Microsoft Lync messaging system, the Microsoft Office suite of programs, and the Windows operating system is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a speciall...

PDF-XChange Editor 缓冲区错误漏洞

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A security vulnerability exists in PDF-XChange Editor that originates from a problem with the parsing of certain TIF files...

PDF-XChange Editor 缓冲区错误漏洞

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A security vulnerability exists in PDF-XChange Editor that originates from a problem with the parsing of certain TIF files...

ROS-20230124-05

A vulnerability in the X Pixmap XPM libXpm image file library is related to an infinite loop when processing unclosed comments in XPM images in the ParseComment function. loop when processing unclosed comments in XPM images in the ParseComment function. Exploitation The vulnerability could allow ...

DEBIAN-CVE-2022-48281

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow e.g., "WRITE of size 307203" via a crafted TIFF image...