Lucene search
K

2251 matches found

CNVD
CNVD
added 2020/12/15 12:0 a.m.7 views

ImageMagick Code Issue Vulnerability

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in versions prior to ImageMagick 7.0.8-68, which stem...

5.5CVSS5.9AI score0.01016EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/12/14 1:36 p.m.5 views

libexif: out of bounds write due to an integer overflow in exif-entry.c

A flaw was found in libexif. A possible out of bounds write, due ot an integer overflow, could lead to a remote code execution if a third party app used this library to process remote image data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

9.8CVSS7.9AI score0.03189EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/12/14 11:50 a.m.4 views

libexif: out of bounds write due to an integer overflow in exif-entry.c

A flaw was found in libexif. A possible out of bounds write, due ot an integer overflow, could lead to a remote code execution if a third party app used this library to process remote image data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

9.8CVSS7.9AI score0.03189EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/12/14 11:36 a.m.4 views

libexif: out of bounds write due to an integer overflow in exif-entry.c

A flaw was found in libexif. A possible out of bounds write, due ot an integer overflow, could lead to a remote code execution if a third party app used this library to process remote image data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

9.8CVSS7.9AI score0.03189EPSS
Exploits0References4
Apple
Apple
added 2020/12/14 12:0 a.m.104 views

About the security content of tvOS 14.3

About the security content of tvOS 14.3 This document describes the security content of tvOS 14.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

8.8CVSS9.6AI score0.01705EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2020/12/09 1:23 a.m.23 views

[SECURITY] Fedora 32 Update: vips-8.8.4-5.fc32

VIPS is an image processing library. It is good for very large images even larger than the amount of RAM in your machine, and for working with color. This package should be installed if you want to use a program compiled against VIPS...

5.3CVSS2.6AI score0.0198EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/12/09 12:0 a.m.18 views

Fedora: Security Advisory for vips (FEDORA-2020-d82261f7b1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.3CVSS6.1AI score0.0198EPSS
Exploits1References2
OSV
OSV
added 2020/12/08 9:15 p.m.6 views

CVE-2020-27912

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution...

7.8CVSS7.3AI score
Exploits0References9
NVD
NVD
added 2020/12/08 9:15 p.m.23 views

CVE-2020-27912

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution...

9.3CVSS7.4AI score0.01764EPSS
Exploits0References9
Cvelist
Cvelist
added 2020/12/08 8:10 p.m.24 views

CVE-2020-27912

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution...

8AI score0.01764EPSS
Exploits0References9
CVE
CVE
added 2020/12/08 12:0 a.m.264 views

CVE-2020-27751

ImageMagick vulnerability CVE-2020-27751 affects MagickCore/quantum-export.c. Processing a crafted file can trigger undefined behavior: values outside the range of unsigned long long and a shift exponent too large for 64-bit, with the likely impact on availability. Affected are ImageMagick versio...

4.3CVSS4.7AI score0.01114EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.7 views

ImageMagick Studio ImageMagick 安全漏洞

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in versions prior to ImageMagick 7.0.8-68 that stems...

5.5CVSS6.8AI score0.01016EPSS
Exploits1References14
CNVD
CNVD
added 2020/12/07 12:0 a.m.2 views

Imagemagick Studio ImageMagick Input Validation Error Vulnerability (CNVD-2020-70259)

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. An input validation error vulnerability exists in versions prior to ImageMagick...

4.3CVSS7.6AI score0.01126EPSS
Exploits0References1
OSV
OSV
added 2020/12/04 9:15 p.m.15 views

CVE-2020-27776

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability,...

3.3CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2020/12/03 5:15 p.m.25 views

CVE-2020-27763

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause...

3.3CVSS6.1AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/12/01 3:26 p.m.5 views

Mozilla: Variable time processing of cross-origin images during drawImage calls

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

4.3CVSS7.4AI score0.0247EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2020/12/01 12:0 a.m.15 views

Debian: Security Advisory (DLA-2473-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6.1AI score0.0198EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2020/12/01 12:0 a.m.28 views

Debian DLA-2473-1 : vips security update

In VIPS, an image processing system, an uninitialized variable which may cause the leakage of remote server path or stack address was fixed. For Debian 9 stretch, this problem has been fixed in version 8.4.5-1+deb9u2. We recommend that you upgrade your vips packages. For the detailed security...

5.3CVSS6.3AI score0.0198EPSS
Exploits1References4
CNVD
CNVD
added 2020/11/23 12:0 a.m.19 views

libvips Information Disclosure Vulnerability

libvips is a demand-driven multi-threaded image processing library. libvips versions prior to 8.8.2 are vulnerable to an information disclosure. The vulnerability stems from imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips having uninitialized variables. An attacker could use this...

5.3CVSS3.7AI score0.0198EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2020/11/19 12:0 a.m.74 views

macOS 11.0.x < 11.0.1

The remote host is running a version of macOS / Mac OS X that is 11.0.x prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities, including the following: - An out-of-bounds write issue that can lead to unexpected application termination or arbitrary code execution when opening a...

9.3CVSS7.5AI score0.22178EPSS
Exploits7References63
Rows per page
Query Builder