516 matches found
DEBIAN-CVE-2016-5652
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means...
DEBIAN-CVE-2016-3623
The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0...
UBUNTU-CVE-2016-7519
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file...
UBUNTU-CVE-2016-6352
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file...
Vulnerability of the Java Platform software platform, which allows a remote attacker to compromise the accessibility of protected information
A vulnerability in the png_do_expand_palette function of the libpng library allows a malicious actor to trigger a denial of service, including a null pointer dereference and abnormal termination of the application, by using a zero-byte PLTE chunk or an empty palette. This vulnerability is...
Nautilus 'PixarLogDecode' Function Denial of Service Vulnerability
Nautilus is a file manager for the GNOME desktop environment. A security vulnerability in the 'PixarLogDecode' function in the libtiff.so file of Nautilus allows remote attackers to craft special TIFF images that, when the application is tricked into parsing them, can crash the...
UBUNTU-CVE-2011-5326
imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse...
libgd 2.1.1 - Signedness Heap Overflow
Overview: libgd [1] is an open-source image library. It is perhaps primarily used by the PHP project. It has been bundled with the default installation of PHP since version 4.3 [2]. A signedness vulnerability (CVE-2016-3074) exists in libgd 2.1.1 which may...
libgd 2.1.1 Signedness
Overview: libgd [1] is an open-source image library. It is perhaps primarily used by the PHP project. It has been bundled with the default installation of PHP since version 4.3 [2]. A signedness vulnerability (CVE-2016-3074) exists in libgd 2.1.1 which may result in a heap overflow when processi...
Silicon Graphics LibTiff tiff2bw Denial of Service Vulnerability
Silicon Graphics LibTiff is a library for reading and writing TIFF files. A security vulnerability in the tif_read.c file in Silicon Graphics LibTiff's tiff2bw tool allows remote attackers to craft malicious TIFF images that, when the user is tricked into parsing them, can crash an...
DEBIAN-CVE-2014-9655
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif...
libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
It was discovered that the png_get_PLTE and png_set_PLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer...
Silicon Graphics LibTiff Denial of Service Vulnerability
Silicon Graphics LibTiff is a library from Silicon Graphics, Inc. (United States) for reading and writing TIFF (Tagged Image File Format) files. A denial of service vulnerability exists in Silicon Graphics LibTiff. An attacker could exploit this vulnerability to cause a denial of service...
Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)
An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf...
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information
The vulnerability of the libpng-1.2.2 package in the Red Hat Enterprise Linux operating system can lead to a violation of the accessibility of protected information. This vulnerability can be exploited remotely...
Oracle Solaris Third-Party Patch Update : py_pil (multiple_vulnerabilities_in_python_image)
The remote Solaris system is missing necessary patches to address security updates: The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier...
gd: NULL pointer dereference in gdImageCreateFromXpm()
A NULL pointer dereference flaw was found in the gdImageCreateFromXpm function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file...
UBUNTU-CVE-2014-3589
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size...