Lucene search
K

2251 matches found

Github Security Blog
Github Security Blog
added 2020/05/18 5:41 p.m.106 views

Pillow Temporary file name leakage

The 1 JpegImagePlugin.py and 2 EpsImagePlugin.py scripts in Python Image Library PIL 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes...

2.1CVSS8.7AI score0.00448EPSS
Exploits1References9Affected Software1
Talos
Talos
added 2020/05/05 12:0 a.m.58 views

Accusoft ImageGear TIFF fill_in_raster buffer copy operation code execution vulnerability

Summary An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a...

9.8CVSS9.1AI score0.03597EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/04/30 12:0 a.m.109 views

Fedora 30 : php-horde-horde (2020-fd8761fd13)

horde 5.2.22 - jan SECURITY: Protect image processing service from rendering active SVG content within the browser. - jan SECURITY: Fix XSS vulnerabilities in administration interface. - jan Support Redis Sentinel configuration Michael Menge , Request 14998. - jan Use file hashing for detecting...

5.4AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/04/28 3:31 p.m.4 views

exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp

Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service heap-based buffer overflow via a crafted image file...

6.5CVSS6AI score0.01903EPSS
Exploits1References4
Source Incite
Source Incite
added 2020/04/25 12:0 a.m.25 views

SRC-2020-0017 : Foxit Reader Heap Buffer Overflow Remote Code Execution vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

8.8CVSS8.8AI score0.01799EPSS
Exploits1
OSV
OSV
added 2020/04/24 4:15 p.m.8 views

CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...

8.8CVSS9.2AI score
Exploits0References5
OSV
OSV
added 2020/04/24 4:15 p.m.1 views

DEBIAN-CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...

8.8CVSS8.6AI score0.01293EPSS
Exploits0References1
Prion
Prion
added 2020/04/24 4:15 p.m.26 views

Out-of-bounds

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...

6.8CVSS8.8AI score0.01293EPSS
Exploits0References5Affected Software3
AlpineLinux
AlpineLinux
added 2020/04/24 3:54 p.m.33 views

CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...

8.8CVSS9.2AI score0.01293EPSS
Exploits0
Debian CVE
Debian CVE
added 2020/04/24 3:54 p.m.37 views

CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...

8.8CVSS9.9AI score0.01293EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/04/24 12:0 a.m.34 views

Amazon Linux 2 : python-pillow (ALAS-2020-1412)

The version of python-pillow installed on the remote host is prior to 2.0.0-20.gitd1c6db8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1412 advisory. A flaw was discovered in the way the python-pillow may allocate a large amount of memory or require a lo...

9.8CVSS7.1AI score0.0369EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2020/04/17 12:0 a.m.6 views

The vulnerability of the unpacked_load_raw() function in the LibRaw image processing library allows a attacker to cause a service failure.

The vulnerability of the unpackedloadraw function in dcrawcommon.cpp in the LibRaw image processing library is related to type conversion errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

7.8CVSS6.7AI score0.02505EPSS
Exploits0References8Affected Software4
Tenable Nessus
Tenable Nessus
added 2020/04/16 12:0 a.m.29 views

EulerOS Virtualization 3.0.2.2 : python-pillow (EulerOS-SA-2020-1473)

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the 'crafted image file'...

10CVSS7AI score0.11959EPSS
Exploits2References12
Tenable Nessus
Tenable Nessus
added 2020/04/15 12:0 a.m.36 views

Debian DLA-2173-1 : graphicsmagick security update

A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap overflow in 32-bit applications because of a signed overflow on range check in the HuffmanDecodeImage function. For Debian 8 'Jessie', this problem has been fixed in version...

9.8CVSS8.1AI score0.05226EPSS
Exploits0References3
Veracode
Veracode
added 2020/04/10 12:18 a.m.22 views

Arbitrary Code Execution

cairo is vulnerable to arbitrary code execution. The vulnerability exists if an application linked against Cairo processes a malicious PNG image, it is possible to execute arbitrary code as the user running the application...

6.8CVSS4AI score0.05486EPSS
Exploits0References51Affected Software1
OSV
OSV
added 2020/04/08 5:12 p.m.6 views

MGASA-2020-0163 Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive da...

9.8CVSS9.5AI score0.01905EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2020/04/08 2:5 a.m.41 views

CVE-2020-6822

The Mozilla Foundation Security Advisory describes this flaw as: On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code...

8.8CVSS2.2AI score0.01293EPSS
Exploits0References4
OSV
OSV
added 2020/04/07 12:0 a.m.3 views

UBUNTU-CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...

8.8CVSS7.4AI score0.01293EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2020/04/07 12:0 a.m.42 views

CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...

8.8CVSS7.1AI score0.01293EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/04/07 12:0 a.m.59 views

Mozilla Firefox < 75.0

The version of Firefox installed on the remote Windows host is prior to 75.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-12 advisory. - Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some...

9.8CVSS7.8AI score0.01905EPSS
Exploits0References7
Rows per page
Query Builder