516 matches found
CVE-2021-28676
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...
GHSA-RV7P-MMWQ-X674 Improper Input Validation and Code Injection in pdf-image
Lack of input validation in pdf-image npm package version = 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input...
Pillow Buffer Error Vulnerability
Python Imaging Library (PIL) is a free library for the Python programming language that supports opening, manipulating, and saving a wide range of image file formats. Pillow is a PIL branch. An out-of-bounds read vulnerability exists in the j2kugrayi function in J2kDecode in versions of Pillow prior...
DEBIAN-CVE-2021-3482
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data...
[SECURITY] Fedora 32 Update: python-pillow-7.0.0-7.fc32
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developme...
Pillow Buffer Error Vulnerability
Pillow is a Python-based image processing library. Pillow is vulnerable to an out-of-bounds read vulnerability, which can be exploited to submit special file requests and trick users into parsing them, which can crash the application...
PT-2021-7754 · Stb +3
Name of the Vulnerable Software and Affected Versions: stb versions 2.26. Description: The issue is related to a buffer overflow vulnerability in the stbi__extend_receive function of the stb_image.h component in the stb library for C/C++. This vulnerability can be exploited by a remote attacker usi...
png-img Input Validation Error Vulnerability
Rashid Ksirov png-img is an application from the Rashid Ksirov community in the USA. It provides a Lite self contained png image processing library for macOS and Linux. An input validation error vulnerability exists in png-img. The vulnerability stems from the package's PngImg::InitStorage functi...
The vulnerability of the _open_index function in the FpxImagePlugin.py library, a library for working with images from Pillow, related to integer overflow, allows a hacker to cause a service failure.
The vulnerability of the _open_index function in the FpxImagePlugin.py library, a library for working with images, relates to a lack of mechanisms for controlling resource consumption. Exploiting this vulnerability allows an attacker who operates remotely to cause service interruptions...
The vulnerability of the Pillow image processing library, related to unlimited resource distribution, allows a hacker to cause a service failure.
The vulnerability of the Pillow image processing library is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by creating specially crafted image files...
CImg Library Input Validation Error Vulnerability
CImg Library is an open source C++ library for image processing organized by David Tschumperlé (GREYC). CImg Library suffers from an input validation error vulnerability that stems from the use of an insecure pattern for calculating the required heap buffer allocation size,...
The vulnerability of the read_pixel function in the libjpeg library allows a hacker to induce a service failure.
The vulnerability of the read_pixel function in the image processing library libjpeg is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
Pillow Temporary file name leakage
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes...
exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file...
exiv2: information leak via a crafted file
In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file...
Heap Overflow Vulnerability in FreeImage BMP File Parsing
FreeImage is a free, open source, cross-platform (Windows, Linux and Mac OS X) image processing library that supports more than 20 types of images such as BMP, JPEG, GIF, PNG, TIFF, etc. A heap overflow vulnerability exists in the FreeImage image parsing library when parsing BMP files. An attacke...
The vulnerability of the Windows operating system’s image library, allowing a hacker to execute arbitrary code
The vulnerability of the Windows operating system’s image library relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
CVE-2020-8132
Lack of input validation in pdf-image npm package version = 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input...
DEBIAN-CVE-2019-20421
In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...
USN-4238-1 sdl-image1.2 vulnerabilities
It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...