516 matches found
DEBIAN-CVE-2022-28041
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors...
UBUNTU-CVE-2022-28048
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac...
[SECURITY] Fedora 36 Update: giflib-5.2.1-11.fc36
giflib is a library for reading and writing gif images...
containers/image library Insufficiently Protects Credentials
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launc...
GHSA-85P9-J7C9-V4GR containers/image library Insufficiently Protects Credentials
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launc...
ROS-20220128-02
A vulnerability in the Python Pillow image library is related to buffer re-reading during the ImagePath.Path initialization in the path_getbbox function in path.c. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially crafted file to a vulnerable library and...
Piwigo Cross-Site Scripting Vulnerability (CNVD-2021-101688)
Piwigo is a set of Web-based open source image library software. Piwigo has a cross-site scripting vulnerability in version 11.5.0, which stems from a lack of validation and filtering of user-supplied data and output data. An attacker could exploit this vulnerability to conduct XSS attacks via the syste...
@htmlacademy/autocheck (>=1.5.0 <=1.5.4), @htmlacademy/courses-task-checks (>=1.0.10-14 <=1.1.38) +16 more potentially affected by CVE-2020-28248 via png-img (>=0.2.1 <=2.3.0)
png-img NPM version =0.2.1, =1.5.0, =1.0.10-14, =1.0.1, =1.0.0, =1.10.1, =4.0.0, =0.0.1, =0.9.0, =2.2.0, =0.7.0, =1.0.11, =0.79.5, =0.1.0, =0.0.1, =0.0.18 and more Source cves: CVE-2020-28248 Source advisory: OSV:GHSA-Q5WR-FVPQ-P67G...
Piwigo SQL Injection Vulnerability (CNVD-2021-100297)
Piwigo is a set of Web-based open source image library software. Piwigo v11.5 contains a security vulnerability in /admin/batch_manager_global.php in which the parameter pwg_token is not sufficiently escaped and filtered. No details of the vulnerability are available at this time...
exiv2: DoS due to quadratic complexity in ProcessUTF8Portion
There's a flaw in the xmpsdk component shipped with exiv2. An attacker who is able to submit a crafted file to be processed by an application linked with the exiv2 library could cause an excessive consumption of resources, potentially leading to denial of service. The greatest impact of this flaw...
The vulnerability of the Leptonica image processing library, related to the implementation of an incorrect control flow, allows a hacker to trigger a service failure.
The vulnerability of the Leptonica image processing library is related to the implementation of an incorrect control flow. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
CLSA-2021-1635459219 Fix CVE(s): CVE-2021-40812, CVE-2021-40145, CVE-2021-38115, CVE-2017-6363
SECURITY UPDATE: unhandled memory allocation error in gdImageGd2Ptr - debian/patches/CVE-2021-40145.patch: check for non-zero return code from gdImageGd2 - CVE-2021-40145 SECURITY UPDATE: unhandled value returned from gdPutBuf - debian/patches/CVE-2021-40812.patch: handle possible gdPutBuf error ...
The vulnerability of the Convert.c component in the Pillow image processing library, related to buffer overflow in memory, allows an attacker to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the Convert.c component in the Pillow image processing library relates to the ability to pass parameters directly to the function. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, and cause service failur...
UBUNTU-CVE-2021-28021
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file...
USN-5099-1 imlib2 vulnerability
It was discovered that Imlib2 incorrectly handled certain ICO images. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code...
libjpeg Security Vulnerability
libjpeg is a C language library for processing JPEG format image data. It includes JPEG decoding, JPEG encoding and other JPEG functions. A security vulnerability exists in libjpeg that stems from an uncaught floating-point exception in the function ACLosslessScan::ParseMCU located in...
ROS-2-2224
2.2224 Multiple vulnerabilities in libwebp 1. Vulnerability Description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-2233
2.2233 Multiple vulnerabilities in libwebp 1. Vulnerability Description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
PYSEC-2021-883
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DoS) via a crafted tif file...
exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp
A flaw was found in exiv2. Flawed bounds checking in the jp2Image.cpp:doWriteMetadata function leads to a heap-based buffer overflow. This flaw allows an attacker who can provide a malicious image to an application using the exiv2 library, to write data out of bounds and potentially execute cod...