UBUNTU-CVE-2022-0544

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1...

CVE-2022-0545

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is...

CVE-2022-0545

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is...

MetadataExtractor 安全漏洞

MetadataExtractor is a .NET library for extracting metadata such as Exif, IPT, XMP and ICC from image and video files. MetadataExtractor suffers from a security vulnerability that stems from the fact that when reading a specially crafted JPEG file, the metadata extractor can be used to allocate a...

Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2022-1161)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microweber 1.2.11 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Microweber 1.2.11 - Remote Code Execution RCE Authenticated Google Dork: NA Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber Version: 1.2.11 Tested on: KALI OS CVE : CVE-2022-0557...

CVE-2022-25336

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference IDOR attacks against image files because the image path and filename can be correctly deduced...

Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable

The Mozilla Foundation Security Advisory describes this flaw as: If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script, which would have run arbitrary code after the user clicked it...

AZL-44088 CVE-2022-0562 affecting package openjpeg2 2.3.1-12

Null source pointer passed as an argument to memcpy function within TIFFReadDirectory in tifdirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c...

Format string

When a user opens a manipulated Tagged Image File Format .tiff, 2d.x3d received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with the...

iTunesRPC-Remastered OS Command Injection Vulnerability

iTunesRPC-Remastered is a rich discordant state application used with iTunes and Apple Music. iTunesRPC-Remastered suffers from an operating system command injection vulnerability that stems from iTunesRPC-Remastered not properly cleaning the image file path. An attacker could exploit this...

AlmaLinux 8 : compat-exiv2-026 (ALSA-2021:4319)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4319 advisory. - An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service DOS v...

USN-5143-1 leptonlib vulnerability

It was discovered that Leptonica incorrectly handled certain image files. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact...

Command injection

iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has been patched in commit cdcd48b. Users are advised to upgrade...

iTunesRPC-Remastered 操作系统命令注入漏洞

iTunesRPC-Remastered is a rich discordant state application used with iTunes and Apple Music. iTunesRPC-Remastered suffers from an operating system command injection vulnerability that stems from iTunesRPC-Remastered not properly cleaning the image file path. An attacker could exploit this...

WordPress Learnpress 4.1.4.1 Plugin - Arbitrary Image Renaming Vulnerability

Exploit Title: WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming Exploit Author: Ceylan Bozogullarindan Author Webpage: https://bozogullarindan.com Vendor Homepage: https://thimpress.com/ Software Link: https://thimpress.com/learnpress-plugin/ Version: 4.1.4.1 Tested on: Linux CVE:...

Mageia: Security Advisory (MGASA-2014-0491)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GLSA-202107-02 : FreeImage: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202107-02 FreeImage: Multiple vulnerabilities Multiple vulnerabilities have been discovered in FreeImage. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to process a...

CVE-2022-22820

Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windows before 7.4...

USN-5241-1: QtSvg vulnerabilities

It was discovered that QtSvg incorrectly handled certain malformed SVG images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause QtSvg to crash, resulting in a denial of service, or possibly execute arbitrary co...