324 matches found
CVE-2022-0544
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1...
UBUNTU-CVE-2022-0545
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is...
Mageia: Security Advisory (MGASA-2018-0276)
The remote host is missing an update for the...
CVE-2022-23095
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process...
PT-2022-4823
Name of the Vulnerable Software and Affected Versions: Blender versions prior to 2.83.19; Blender versions prior to 2.93.8; Blender versions prior to 3.1. Description: An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read...
Integer Overflow or Wraparound in OpenCV
In opencv/modules/imgcodecs/src/grfmtpxm.cpp, the function ReadNumber did not check the input length, which led to an integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 corresponding with OpenCV-Python version 3.3.0.9 and...
Dell BIOS Security Vulnerability
Dell BIOSConnect is an underlying platform from Dell USA that enables BIOS to connect to Dell's HTTP backend and load images via the HTTP method. Dell BIOS has a security vulnerability that stems from the authentication mechanism not being brute force protected. A local administrator can...
CVE-2021-1898
Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
EulerOS Virtualization for ARM 64 3.0.2.0 : gdk-pixbuf2 (EulerOS-SA-2021-2111)
According to the versions of the gdk-pixbuf2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used ...
Dell BIOSConnect feature Buffer Error Vulnerability
Dell BIOSConnect is an underlying platform from Dell USA that enables BIOS to connect to Dell's HTTP backend and load images via HTTP methods. A buffer error vulnerability exists in the Dell BIOSConnect feature that can be exploited by an attacker to run arbitrary code and bypass UEFI restriction...
PT-2021-17898 · Pillow +9
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 8.2.0 Description: An issue was discovered in Pillow where PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a Denial of Service...
Fedora: Security Advisory for gdk-pixbuf2 (FEDORA-2021-2e59756cbe)
The remote host is missing an update for the...
[SECURITY] Fedora 33 Update: gdk-pixbuf2-2.42.2-2.fc33
gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter...
Godot Buffer Error Vulnerability
Godot is a 2D and 3D cross-platform compatible game engine and is open source software released under the MIT license. A buffer overflow vulnerability exists in Godot 3.2 and earlier versions. The vulnerability stems from improper boundary checking when loading .TGA image files. An attacker could...
CVE-2020-1890
A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction...
CVE-2020-7696
The CVE-2020-7696 entry affects all versions of react-native-fast-image. When an image is loaded with headers that include sensitive data (e.g., host and authorization in the request headers), subsequent images reuse those headers, causing potential leakage of signing credentials or session token...
CVE-2020-1279
An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location, aka 'Windows Lockscreen Elevation of Privilege Vulnerability'...
Security Feature Bypass Vulnerability for Word (June 2020)
The Microsoft Word product is missing a security update and is therefore affected by a security feature bypass vulnerability. An attacker who exploited this vulnerability could cause a system to load remote images which could disclose the IP address of the targeted system to the attacker. C...
USN-4238-1: SDL_image vulnerabilities
It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...
CVE-2019-17014
CVE-2019-17014: A cross-origin information leak in Firefox occurs when an image fails to load correctly (e.g., non-image), enabling cross-domain drag-and-drop. Affected: Firefox versions earlier than 71. Root cause: drag-and-drop cross-domain exposure, leading to a partial confidentiality impact...