371 matches found
GIMP: Buffer overflow
Background GIMP is the GNU Image Manipulation Program. XCF is the native image file format used by GIMP. Description Henning Makholm discovered that the "xcfloadvector" function is vulnerable to a buffer overflow when loading a XCF file with a large "numaxes" value. Impact An attacker could explo...
Moderate: Red Hat Security Advisory: gimp security update
Updated gimp packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP GNU Image Manipulation Program is an image composition and editing program. Henning Makho...
Plone 2.x - MembershipTool Access Control Bypass
Plone 2.x - MembershipTool Access Control Bypass source: https://www.securityfocus.com/bid/17484/info Plone is susceptible to a remote access-control bypass vulnerability. This issue is due to the application's failure to properly enforce privileges to various MembershipTool methods. This issue...
GraphicsMagick: Format string vulnerability
Background GraphicsMagick is a collection of tools to read, write and manipulate images in many formats. Description The SetImageInfo function was found vulnerable to a format string mishandling. Daniel Kobras discovered that the handling of "%"-escaped sequences in filenames passed to the functi...
CVE-2006-0405
The TIFFFetchShortPair function in tifdirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service application crash via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function...
QDBM, ImageMagick, GDAL: RUNPATH issues
Background QDBM is a library of routines for managing a database. ImageMagick is a collection of tools to read, write and manipulate images. GDAL is a geospatial data abstraction library. Description Some packages may introduce insecure paths into the list of directories that are searched for...
XLI, Xloadimage: Buffer overflow
Background XLI and Xloadimage are X11 image manipulation utilities. Description When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported that the 'zoom', 'reduce', and...
All Enthusiast PhotoPost PHP Pro 5.0 - adm-photo.php Arbitrary Image Manipulation
All Enthusiast PhotoPost PHP Pro 5.0 - adm-photo.php Arbitrary Image Manipulation source: https://www.securityfocus.com/bid/12779/info PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. Multiple remo...
All Enthusiast PhotoPost PHP Pro 5.0 - 'adm-photo.php' Arbitrary Image Manipulation
source: https://www.securityfocus.com/bid/12779/info PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. Multiple remote vulnerabilities affect All Enthusiast PhotoPost PHP Pro. These issues are due t...
xv: Filename handling vulnerability
Background xv is an interactive image manipulation package for X11. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Impact Successful exploitation would require a victim to process a specially crafted image with a...
Ikonboard crossite scripting
IMGjavascript:alertdocument.cookie.gif/IMG, Photo/javascript:alertdocument.cookie URL, Photo, X-Forwarded-For scripting...