324 matches found
CVE-2019-17014
If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox 71...
CVE-2019-17534
vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free...
UBUNTU-CVE-2019-17534
vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free...
[SECURITY] Fedora 29 Update: SDL2_image-2.0.5-2.fc29
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats (BMP, PPM, PCX, GIF, JPEG, PNG) as SDL surfaces...
CVE-2019-13568
CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image...
DEBIAN-CVE-2019-1010174
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...
Command injection
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...
CVE-2018-13927
Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...
Code injection
Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...
DEBIAN-CVE-2019-5052
An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a...
Design/Logic Flaw
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to...
Fedora Update for mingw-SDL2_image FEDORA-2018-b38de02132
The remote host is missing an update for the...
February 21, 2019—KB4491101 (OS Build 10240.18135)
February 21, 2019—KB4491101 (OS Build 10240.18135). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that may prevent Internet Explorer from loading images that have a...
February 19, 2019—KB4486565 (Preview of Monthly Rollup)
February 19, 2019—KB4486565 (Preview of Monthly Rollup). Improvements and fixes: This non-security update includes improvements and fixes that were a part of KB4486563 (released February 12, 2019) and also includes these new quality improvements as a preview of the next Monthly Rollup update: Updates...
openSUSE Security Update : otrs (openSUSE-2019-748)
This update for otrs to version 4.0.32 fixes the following issues: These security issues were fixed: - CVE-2018-16586: An attacker could have sent a malicious email to an OTRS system. If a logged in user opens it, the email could have caused the browser to load external image or CSS resources...
Denial Of Service (DoS)
svgexport is vulnerable to denial of service. A lack of timeout when loading an external image can result in a denial of service condition...
Fedora 29 : libgxps (2019-8e9789a629)
libgxps 0.3.1 release. - Fix font scaling when converting xps to pdf - Handle errors returned by archive_read_data in GXPSArchive - Ensure gxps_archive_read_entry fills the GError in case of failure - Make the pdf generated by xpstopdf to be 96 dpi - Fix OUTPUT FILE description in man pages - Clear th...
CVE-2018-5870
CVE-2018-5870 concerns Snapdragon Mobile: an untrusted pointer dereference during loading of a service image affects select Qualcomm SoCs (SD835, SDA660, SDX24). The NVD entry lists a high base score (CVSSv3: 7.8, LOCAL attack, LOW privileges required, no user interaction) with impact on confiden...