2251 matches found
Pillow Temporary file name leakage
The 1 JpegImagePlugin.py and 2 EpsImagePlugin.py scripts in Python Image Library PIL 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes...
Accusoft ImageGear TIFF fill_in_raster buffer copy operation code execution vulnerability
Summary An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a...
Fedora 30 : php-horde-horde (2020-fd8761fd13)
horde 5.2.22 - jan SECURITY: Protect image processing service from rendering active SVG content within the browser. - jan SECURITY: Fix XSS vulnerabilities in administration interface. - jan Support Redis Sentinel configuration Michael Menge , Request 14998. - jan Use file hashing for detecting...
exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service heap-based buffer overflow via a crafted image file...
SRC-2020-0017 : Foxit Reader Heap Buffer Overflow Remote Code Execution vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
CVE-2020-6822
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
DEBIAN-CVE-2020-6822
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
Out-of-bounds
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
CVE-2020-6822
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
CVE-2020-6822
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
Amazon Linux 2 : python-pillow (ALAS-2020-1412)
The version of python-pillow installed on the remote host is prior to 2.0.0-20.gitd1c6db8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1412 advisory. A flaw was discovered in the way the python-pillow may allocate a large amount of memory or require a lo...
The vulnerability of the unpacked_load_raw() function in the LibRaw image processing library allows a attacker to cause a service failure.
The vulnerability of the unpackedloadraw function in dcrawcommon.cpp in the LibRaw image processing library is related to type conversion errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
EulerOS Virtualization 3.0.2.2 : python-pillow (EulerOS-SA-2020-1473)
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the 'crafted image file'...
Debian DLA-2173-1 : graphicsmagick security update
A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap overflow in 32-bit applications because of a signed overflow on range check in the HuffmanDecodeImage function. For Debian 8 'Jessie', this problem has been fixed in version...
Arbitrary Code Execution
cairo is vulnerable to arbitrary code execution. The vulnerability exists if an application linked against Cairo processes a malicious PNG image, it is possible to execute arbitrary code as the user running the application...
MGASA-2020-0163 Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive da...
CVE-2020-6822
The Mozilla Foundation Security Advisory describes this flaw as: On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code...
UBUNTU-CVE-2020-6822
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
CVE-2020-6822
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
Mozilla Firefox < 75.0
The version of Firefox installed on the remote Windows host is prior to 75.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-12 advisory. - Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some...