Lucene search
K

2249 matches found

Talos
Talos
added 2018/10/31 12:0 a.m.514 views

Simple DirectMedia Layer SDL2_Image do_layer_surface code execution vulnerability

Summary An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

8.8CVSS9AI score0.03479EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2018/10/30 9:45 a.m.3 views

LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp

An out-of-bounds read flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images...

8.8CVSS7.3AI score0.01974EPSS
Exploits1References5
Fedora
Fedora
added 2018/10/05 5:11 p.m.32 views

[SECURITY] Fedora 28 Update: CImg-2.3.6-1.fc28

The CImg Library is an open-source C++ toolkit for image processing. It consists in a single header file 'CImg.h' providing a minimal set of C++ classes and methods that can be used in your own sources, to load/save, process and display images. Very portable, efficient and easy to use, it's a...

7.8CVSS0.9AI score0.01371EPSS
Exploits8
Fedora
Fedora
added 2018/10/05 4:6 p.m.22 views

[SECURITY] Fedora 29 Update: CImg-2.3.6-1.fc29

The CImg Library is an open-source C++ toolkit for image processing. It consists in a single header file 'CImg.h' providing a minimal set of C++ classes and methods that can be used in your own sources, to load/save, process and display images. Very portable, efficient and easy to use, it's a...

7.8CVSS0.9AI score0.01371EPSS
Exploits8
Fedora
Fedora
added 2018/10/05 3:59 p.m.32 views

[SECURITY] Fedora 27 Update: gmic-2.3.6-1.fc27

G'MIC is an open and full-featured framework for image processing, providing several different user interfaces to convert/manipulate/filter/visualize generic image datasets, from 1d scalar signals to 3d+t sequences of multi-spectral volumetric images...

7.8CVSS2.6AI score0.01371EPSS
Exploits8
Fedora
Fedora
added 2018/10/05 3:59 p.m.25 views

[SECURITY] Fedora 27 Update: CImg-2.3.6-1.fc27

The CImg Library is an open-source C++ toolkit for image processing. It consists in a single header file 'CImg.h' providing a minimal set of C++ classes and methods that can be used in your own sources, to load/save, process and display images. Very portable, efficient and easy to use, it's a...

7.8CVSS0.9AI score0.01371EPSS
Exploits8
BDU FSTEC
BDU FSTEC
added 2018/09/18 12:0 a.m.5 views

The vulnerability of the Windows operating system, related to errors in image processing, allows a hacker to execute arbitrary code.

The vulnerability of the Windows operating system is related to errors in processing image files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted image file from a remote location...

10CVSS8.3AI score0.14646EPSS
Exploits0References2
CNVD
CNVD
added 2018/09/13 12:0 a.m.1 views

Socusoft Photo To Video Converter Handles BMP with Memory Corruption Vulnerability

Socusoft Photo To Video Converter is a free slideshow maker that converts a bunch of photos into one video file. Socusoft Photo To Video Converter handles BMP with a memory corruption vulnerability that can be exploited by attackers to cause the program to crash by constructing malformed BMP imag...

7AI score
Exploits0
OSV
OSV
added 2018/09/10 1:5 p.m.8 views

SUSE-SU-2018:2676-1 Security update for tiff

This update for tiff fixes the following issues: The following security vulnerabilities were addressed: - CVE-2015-8668: Fixed a heap-based buffer overflow in the PackBitsPreEncode function in tifpackbits.c in bmp2tiff, which allowed remote attackers to execute arbitrary code or cause a denial of...

9.8CVSS8AI score0.13722EPSS
Exploits3References9
OSV
OSV
added 2018/09/01 12:0 a.m.5 views

UBUNTU-CVE-2018-16323

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the...

6.5CVSS6.8AI score0.49324EPSS
Exploits3References4
Hacker One
Hacker One
added 2018/08/29 10:23 a.m.51 views

pixiv: RCE due to ImageTragick v2

Hello Pixiv team! Your Image processing process suffering from ImageTragick v2. Issue is caused by ghostscript RCE findnings. How to reproduce: PATCH /design Host: manage.booth.pm send following image: ------WebKitFormBoundaryXX05yrKS4g8d9CWh Content-Disposition: form-data; name="shopheader";...

0.4AI score
Exploits0
myhack58
myhack58
added 2018/08/23 12:0 a.m.508 views

ghostscript command execution vulnerability alerts-a vulnerability alert-the black bar safety net

8 on the 21st, Tavis Ormandy disclosed by the mail list hxxps://bugs. chromium. org/p/project-zero/issues/detail? id=1640, and again that ghostscript security sandbox can be bypassed by constructing a malicious image content, can cause the command execution. ghostscript is widely used, ImageMagic...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2018/08/22 8:27 a.m.171 views

Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking

Google Project Zero's security researcher has discovered a critical remote code execution RCE vulnerability in Ghostscript—an open source interpreter for Adobe Systems' PostScript and PDF page description languages. Written entirely in C, Ghostscript is a package of software that runs on differen...

7.8CVSS0.1AI score0.96968EPSS
Exploits7
Debian
Debian
added 2018/08/17 7:28 a.m.23 views

[SECURITY] [DSA 4276-1] php-horde-image security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4276-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 17, 2018 https://www.debian.org/security/faq -...

6.8CVSS1.2AI score0.03986EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2018/08/01 4:29 p.m.32 views

CVE-2016-9572

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image...

6.5CVSS6.9AI score0.02175EPSS
Exploits1References3
OSV
OSV
added 2018/08/01 4:29 p.m.8 views

CVE-2016-9572

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image...

6.5CVSS8.5AI score0.02175EPSS
Exploits1References7
CVE
CVE
added 2018/08/01 4:0 p.m.90 views

CVE-2016-9572

CVE-2016-9572 : OpenJPEG 2.1.2 contains a NULL pointer dereference when decoding certain input images due to a logic error in the decoding path, which could cause an application crash. Public references describe this as a vulnerability in the OpenJPEG JPEG 2000 codec with multiple advisories noti...

6.5CVSS7AI score0.02175EPSS
Exploits1References7Affected Software1
Talos Blog
Talos Blog
added 2018/07/11 11:0 a.m.20 views

Vulnerability Spotlight: Computerinsel Photoline Multiple Vulnerabilities

Vulnerabilities discovered by Tyler Bohan from Talos Overview Today, Cisco Talos is disclosing several vulnerabilities in Computerinsel Photoline. Photoline is an image-processing tool used to modify and edit images, as well as other graphic-related material. This product has a sizable user base...

1.8AI score0.01484EPSS
Exploits3
Talos
Talos
added 2018/07/11 12:0 a.m.53 views

Computerinsel Photoline ANI Parsing Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this...

8.8CVSS8.2AI score0.01469EPSS
Exploits1
Talos
Talos
added 2018/07/11 12:0 a.m.44 views

Computerinsel Photoline PSD Blending Channel Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerabili...

8.8CVSS8.2AI score0.01469EPSS
Exploits1
Rows per page
Query Builder