
2251 matches found

UbuntuCve
added 2022/05/26 5:15 p.m. · 32 views

CVE-2022-21831

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments...

9.8 CVSS · 7 AI score · 0.02742 EPSS
Exploits 0 · References 2

OSV
added 2022/05/26 5:15 p.m. · 1 view

UBUNTU-CVE-2022-21831

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments...

9.8 CVSS · 6.5 AI score · 0.02742 EPSS
Exploits 0 · References 3

Debian CVE
added 2022/05/26 12:0 a.m. · 48 views

CVE-2022-21831

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments...

9.8 CVSS · 6.7 AI score · 0.02742 EPSS
Exploits 0

CVE
added 2022/05/26 12:0 a.m. · 295 views

CVE-2022-21831

CVE-2022-21831 affects Ruby on Rails’ Active Storage (Rails >= 5.2.0). The vulnerability arises from a code-injection in the image_processing backend (mini_magick), allowing remote code execution via crafted image_processing arguments. Impact is High (CVE describes RCE; CVSSv3.1 base score 9.8...

9.8 CVSS · 9.4 AI score · 0.02742 EPSS
Exploits 0 · References 4 · Affected Software 1

GitLab Advisory Database
added 2022/05/26 12:0 a.m. · 40 views

Improper Control of Generation of Code ('Code Injection')

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments...

9.8 CVSS · 6 AI score · 0.02742 EPSS
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2022/05/26 12:0 a.m. · 31 views

CVE-2022-21831

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments...

9.7 AI score · 0.02742 EPSS
Exploits 0 · References 4

NVD
added 2022/05/25 10:15 p.m. · 32 views

CVE-2022-29256

sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKG_CONFIG_PATH...

6.7 CVSS · 0.0037 EPSS
Exploits 0 · References 2

Prion
added 2022/05/25 10:15 p.m. · 19 views

Design/Logic Flaw

sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKG_CONFIG_PATH...

4.6 CVSS · 6.5 AI score · 0.0037 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2022/05/25 9:20 p.m. · 88 views

CVE-2022-29256

CVE-2022-29256 affects sharp (Node.js image processing) versions prior to 0.30.5. If an attacker can control PKG_CONFIG_PATH in the build environment, they may inject arbitrary commands at npm install time (not a runtime issue; Windows builds are not affected). The issue is fixed in sharp v0.30.5...

6.7 CVSS · 6.4 AI score · 0.0037 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/05/25 9:20 p.m. · 22 views

CVE-2022-29256 Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment

sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKG_CONFIG_PATH...

6.5 CVSS · 6.4 AI score · 0.0037 EPSS
Exploits 0 · References 4

Positive Technologies
added 2022/05/25 12:0 a.m. · 2 views

PT-2022-3459 · Pillow · Pillow

Name of the Vulnerable Software and Affected Versions: Pillow version 9.1.0 Description: The issue is related to a heap buffer overflow in the processing of invalid TGA image files. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected...

10 CVSS · 8 AI score · 0.03399 EPSS
Exploits 1 · References 29

Github Security Blog
added 2022/05/24 9:59 p.m. · 23 views

TYPO3 Image Processing susceptible to Code Execution

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary gs must be available on the...

9.3 CVSS · 8 AI score · 0.03917 EPSS
Exploits 0 · References 9 · Affected Software 2

OSV
added 2022/05/24 9:59 p.m. · 21 views

GHSA-3W4H-R27H-4R2W TYPO3 Image Processing susceptible to Code Execution

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary gs must be available on the...

7.5 CVSS · 6.2 AI score · 0.03917 EPSS
Exploits 0 · References 9

BDU FSTEC
added 2022/05/18 12:0 a.m. · 5 views

The vulnerability of the ImageProcessing software arises from the lack of measures taken to neutralize special elements used in the operating system’s command set, allowing attackers to execute shell commands.

The vulnerability of the ImageProcessing software exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute shell commands...

10 CVSS · 7.9 AI score · 0.02595 EPSS
Exploits 1 · References 4 · Affected Software 1

Mageia
added 2022/05/12 10:24 a.m. · 92 views

Updated python-pillow packages fix security vulnerability

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE-2022-22816 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary...

9.8 CVSS · 5.3 AI score · 0.03399 EPSS
Exploits 0 · References 5

ATTACKERKB
added 2022/05/11 2:15 p.m. · 4 views

CVE-2022-29977

There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file...

6.5 CVSS · 6.6 AI score · 0.0097 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/05/09 5:15 p.m. · 4 views

CVE-2022-27114

There is a vulnerability in htmldoc 1.9.16. In the image_load_jpeg function in image.cxx, when it calls malloc, 'img->width' and 'img->height' are large enough to cause an integer overflow. So, the malloc function may return a heap block smaller than the expected size, and it will cause a buffer...

5.5 CVSS · 6.2 AI score · 0.00906 EPSS
Exploits 1 · References 4

CNVD
added 2022/05/08 12:0 a.m. · 128 views

Adobe Photoshop Out-of-Bounds Read Vulnerability (CNVD-2022-50237)

Adobe Photoshop is a set of image processing software from the American company Adobe. The software is mainly used for processing pictures. An out-of-bounds read vulnerability exists in Adobe Photoshop. An attacker could exploit this vulnerability to cause a sensitive memory leak...

4.3 CVSS · 6.3 AI score · 0.01455 EPSS
Exploits 0 · References 1

OpenVAS
added 2022/05/08 12:0 a.m. · 11 views

Fedora: Security Advisory for zxing-cpp (FEDORA-2022-e22f1a8c17)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5 CVSS · 6.8 AI score · 0.02069 EPSS
Exploits 1 · References 2

CNVD
added 2022/05/06 12:0 a.m. · 11 views

ImageMagick Resource Management Error Vulnerability (CNVD-2022-38157)

ImageMagick is a set of open source image processing software. The software can read, convert or write images in a variety of formats. ImageMagick is vulnerable to security flaws, which attackers exploit by sending specially crafted DICOM image files to cause information leakage and denial of...

7.1 CVSS · 3.8 AI score · 0.01113 EPSS
Exploits 0 · References 1