324 matches found

Cvelist
added 2018/02/06 4:0 p.m., 17 views

CVE-2014-5282

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'...

AI score: 8, EPSS: 0.00581
Exploits: 0, References: 2

OSV
added 2018/01/23 12:0 a.m., 0 views

UBUNTU-CVE-2018-5118

The screenshot images displayed in the Activity Stream page when a new tab is opened are created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00506
Exploits: 0, References: 4

BDU FSTEC
added 2018/01/12 12:0 a.m., 1 view

The vulnerability of the GIF loader in the imlib2 library allows a hacker to trigger a service failure or gain access to confidential data.

The vulnerability of the imlib2 GIF library loader exists due to a read buffer overflow error. Exploiting this vulnerability can allow an attacker to cause service failures or gain access to confidential data using a specially created GIF image...

CVSS: 8.2, AI score: 7.8, EPSS: 0.00993
Exploits: 0, References: 7, Affected Software: 3

Talos
added 2018/01/11 12:0 a.m., 34 views

Blender BKE_image_acquire_ibuf Integer Overflow Code Execution Vulnerability

Summary: An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

CVSS: 8.8, AI score: 7.8, EPSS: 0.01064
Exploits: 1

Talos
added 2018/01/11 12:0 a.m., 34 views

Blender Sequencer imb_load_dpx_cineon Integer Overflow Code Execution Vulnerability

Summary: An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .cin file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

CVSS: 8.8, AI score: 7.9, EPSS: 0.0378
Exploits: 1

RedHat Linux
added 2017/12/14 10:10 p.m., 2 views

Qemu: i386: multiboot OOB access while loading kernel image

Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achiev...

CVSS: 8.8, AI score: 7.7, EPSS: 0.00075
Exploits: 0, References: 4

OSV
added 2017/11/12 6:29 p.m., 1 view

CVE-2017-16797

In SWFTools 0.9.2, the pngload function in lib/png.c does not properly validate an alloclen64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified othe...

CVSS: 7.8, AI score: 6.1
Exploits: 0, References: 1

Fedora
added 2017/10/19 7:21 p.m., 24 views

[SECURITY] Fedora 25 Update: SDL2_image-2.0.1-8.fc25

Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats (BMP, PPM, PCX, GIF, JPEG, PNG) as SDL surfaces...

CVSS: 8.8, AI score: 3.1, EPSS: 0.01656
Exploits: 1

Fedora
added 2017/10/19 3:21 p.m., 20 views

[SECURITY] Fedora 26 Update: SDL2_image-2.0.1-8.fc26

Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats (BMP, PPM, PCX, GIF, JPEG, PNG) as SDL surfaces...

CVSS: 8.8, AI score: 3.1, EPSS: 0.01656
Exploits: 1

Fedora
added 2017/10/15 9:33 p.m., 21 views

[SECURITY] Fedora 27 Update: SDL2_image-2.0.1-8.fc27

Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats (BMP, PPM, PCX, GIF, JPEG, PNG) as SDL surfaces...

CVSS: 8.8, AI score: 3.1, EPSS: 0.01656
Exploits: 1

Gentoo Linux
added 2017/09/17 12:0 a.m., 65 views

GDK-PixBuf: Multiple vulnerabilities

Background: GDK-PixBuf is an image loading library for GTK+. Description: Multiple vulnerabilities have been discovered in GDK-PixBuf. Please review the referenced CVE identifiers for details. Impact: A remote attacker, by sending a specially crafted TIFF, JPEG, or URL, could execute arbitrary code...

CVSS: 7.5, AI score: 8.1, EPSS: 0.01913
Exploits: 4

UbuntuCve
added 2017/08/23 3:29 a.m., 40 views

CVE-2017-13133

In ImageMagick 7.0.6-8, the loadlevel function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (loadtile memory exhaustion) via a crafted file...

CVSS: 7.1, AI score: 6.9, EPSS: 0.00445
Exploits: 0, References: 1

Veracode
added 2017/08/08 4:25 p.m., 17 views

Unauthorized Image Loading

github.com/kubernetes/kubernetes is vulnerable to unauthorized image loading. A malicious user can use the private images of another user if they know the name of the image...

CVSS: 3.1, AI score: 4.5, EPSS: 0.00172
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2017/08/07 1:29 a.m., 1 view

DEBIAN-CVE-2017-12604

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00685
Exploits: 0, References: 1

CNVD
added 2017/07/11 12:0 a.m., 1 view

SWFTools Denial of Service Vulnerability (CNVD-2017-15102)

SWFTools is a utility toolset for working with Adobe Flash files (SWF files). A denial of service vulnerability exists in the 'pngload' function in the lib/png.c file in SWFTools version 0.9.2. An attacker can exploit this vulnerability to cause a denial of service (crash)...

CVSS: 8.8, AI score: 6.7, EPSS: 0.00429
Exploits: 1, References: 1

BDU FSTEC
added 2017/06/30 12:0 a.m., 1 view

The vulnerability of the Android operating system’s loading image processing service allows a hacker to cause the device to freeze and restart.

The vulnerability of the Android operating system’s image loading processing service arises from a loss of precision in integer arithmetic. Exploiting this vulnerability can allow an attacker to cause the device to freeze and restart remotely...

CVSS: 9.3, AI score: 7.2, EPSS: 0.00044
Exploits: 0, References: 2

ICS
added 2017/06/01 12:0 a.m., 49 views

NXP i.MX Product Family

CVSS v3 6.0. REPOSTED INFORMATION: This advisory was originally posted to the NCCIC Portal on June 1, 2017, and is being released to the NCCIC/ICS-CERT web site. AFFECTED PRODUCTS: The following i.MX Devices, used on logic boards, are affected: Devices affected by the Stack Buffer Overflow...

CVSS: 6.3, AI score: 7.3, EPSS: 0.00159
Exploits: 0, References: 2

Hacker One
added 2017/04/08 6:48 p.m., 35 views

Gratipay: Transferring incorrect data to the http://gip.rocks/v1 endpoint with correct Content-Type leads to local paths disclosure through the error message

Description Hi. I found the way to raise 500 Internal Server Error with some sensitive information disclosure some local paths of the python installation. The issue is not critical, however, you can prevent this information leak. Request: POST /v1 HTTP/1.1 Host: gip.rocks Cache-Control: max-age=0...

AI score: 6.3
Exploits: 0

CNVD
added 2016/11/09 12:0 a.m., 2 views

Microsoft Windows Remote Code Execution Vulnerability (CNVD-2016-11021)

Microsoft Windows is a series of operating systems released by the American company Microsoft. A remote code execution vulnerability exists when the Windows image file loading feature fails to properly handle incorrectly formatted image files. An attacker could execute arbitrary code...

CVSS: 9.3, AI score: 8.3, EPSS: 0.32647
Exploits: 0, References: 1

Exploit DB
added 2016/07/11 12:0 a.m., 27 views

Adobe Flash - ATF Image Packing Overflow

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=793 There is a heap overflow in ATF image packing. To reproduce the issue, load the attached file '129' using LoadImage.swf as follows: LoadImage.swf?img=129 Proof of Concept:...

AI score: 7.4
Exploits: 0