
516 matches found

OSV
added 2024/05/14 3:42 p.m. | 2 views

AZL-44970 CVE-2024-3727 affecting package buildah for versions less than 1.41.4-2

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

CVSS: 8.3 | AI score: 6.6 | EPSS: 0.00663
Exploits: 0 | References: 1

OSV
added 2024/05/14 3:42 p.m. | 2 views

AZL-42318 CVE-2024-3727 affecting package containerized-data-importer for versions less than 1.57.0-2

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

CVSS: 8.3 | AI score: 6.6 | EPSS: 0.00663
Exploits: 0 | References: 1

OSV
added 2024/05/14 3:42 p.m. | 1 views

AZL-43492 CVE-2024-3727 affecting package podman 4.1.1-26

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

CVSS: 8.3 | AI score: 6.6 | EPSS: 0.00663
Exploits: 0 | References: 1

OSV
added 2024/05/14 3:42 p.m. | 0 views

UBUNTU-CVE-2024-3727

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

CVSS: 8.3 | AI score: 6.6 | EPSS: 0.00663
Exploits: 0 | References: 3

SUSE CVE
added 2024/05/11 2:38 a.m. | 1 views

SUSE CVE-2024-3727

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

CVSS: 8.3 | AI score: 7.9 | EPSS: 0.00663
Exploits: 0 | References: 28

Cvelist
added 2024/05/09 2:57 p.m. | 25 views

CVE-2024-3727 Containers/image: digest type does not guarantee valid type

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

CVSS: 8.3 | AI score: 8 | EPSS: 0.00663
Exploits: 0 | References: 27

CVE
added 2024/05/09 2:57 p.m. | 421 views

CVE-2024-3727

CVE-2024-3727 affects the containers/image library and enables attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, leading to resource exhaustion and local path traversal. Multiple connected advisories (e.g., container-tools updates and package-specific pat...

CVSS: 8.3 | AI score: 5.8 | EPSS: 0.00663
Exploits: 0 | References: 36

Vulnrichment
added 2024/05/09 2:57 p.m. | 20 views

CVE-2024-3727 Containers/image: digest type does not guarantee valid type

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

CVSS: 8.3 | AI score: 6.2 | EPSS: 0.00663
Exploits: 0 | References: 27

RedhatCVE
added 2024/05/09 2:55 p.m. | 47 views

CVE-2024-3727

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

CVSS: 8.3 | AI score: 6.7 | EPSS: 0.00663
Exploits: 0 | References: 3

OSV
added 2024/04/12 11:7 a.m. | 2 views

OESA-2024-1451 python-pillow security update

Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. %package -n python3-pillow Summary: Python 3 image processing library Provides: python3-imaging = -...

CVSS: 6.7 | AI score: 7.5 | EPSS: 0.00354
Exploits: 0 | References: 2

CNNVD
added 2024/03/15 12:0 a.m. | 2 views

CImg Security Vulnerabilities

CImg is a small open source C++ toolkit for image processing from GREYC Open Source. A security vulnerability exists in versions prior to CImg 3.3.3. An attacker can exploit this vulnerability to cause a heap-based buffer overflow via a specially crafted cimglibrary::CImg::loadanalyze file...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00113
Exploits: 1 | References: 3

OSV
added 2024/03/08 11:7 a.m. | 4 views

OESA-2024-1263 stb security update

Single-file public domain libraries for C/C++. Security Fixes: stb_image is a single file MIT licensed library for processing images. It may look like stbi__load_gif_main doesn’t give guarantees about the content of output value delays upon failure. Although it sets delays to zero at the beginning, it...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00174
Exploits: 0 | References: 3

Snyk
added 2024/02/20 2:13 p.m. | 1 views

Command Injection

Overview pdf-image is a library that provides an interface to convert PDF's pages to png files in Node.js by using ImageMagick. Affected versions of this package are vulnerable to Command Injection through the PDFImage function, due to improper user input validation. PoC js const pkg =...

CVSS: 7.4 | AI score: 6.9
Exploits: 0 | References: 2

SUSE CVE
added 2024/02/13 3:50 a.m. | 1 views

SUSE CVE-2024-25448

An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.0011
Exploits: 1 | References: 3

OSV
added 2024/02/09 3:15 p.m. | 1 views

UBUNTU-CVE-2024-25448

An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image...

CVSS: 8.8 | AI score: 6 | EPSS: 0.0011
Exploits: 1 | References: 4

Amazon
added 2024/02/05 12:0 a.m. | 41 views

Important: python-pillow

Issue Overview: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter. CVE-2023-50447 Affected Packages: python-pillow Note: This advisory is applicable to Amaz...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.02781
Exploits: 0

SUSE CVE
added 2023/10/24 12:59 a.m. | 1 views

SUSE CVE-2023-45667

stb_image is a single file MIT licensed library for processing images. If stbi__load_gif_main in stbi__load_gif_from_memory fails it returns a null pointer and may keep the z variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls stbi__vertical_flip_slices with th...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0014
Exploits: 0 | References: 3

Snyk
added 2023/10/21 12:50 a.m. | 1 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the stbi__load_gif_main function. An attacker can cause a memory leak or a double-free error by manipulating the delays output value. This is only exploitable if stbi__load_gif_main returns a null value and stbi__convert_format is...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00174
Exploits: 0 | References: 2

OSV
added 2023/10/21 12:15 a.m. | 0 views

UBUNTU-CVE-2023-45663

stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00143
Exploits: 0 | References: 6

OSV
added 2023/10/21 12:15 a.m. | 0 views

UBUNTU-CVE-2023-45661

stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbi__gif_load_next. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.00083
Exploits: 0 | References: 5