446 matches found
CVE-2023-29407 Excessive CPU consumption when decoding 0-height images in golang.org/x/image/tiff
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero...
PT-2023-6960 · Golang +2 · Golang +2
Name of the Vulnerable Software and Affected Versions: Golang (affected versions not specified). Description: The issue is related to excessive CPU consumption during decoding. A maliciously-crafted image, specifically a tiled image with a height of 0 and a very large width, can cause this excessive...
CVE-2022-48512
Use After Free UAF vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally...
Design/Logic Flaw
Use After Free UAF vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally...
CVE-2022-48512
CVE-2022-48512 is a Use-After-Free (UAF) vulnerability in the Vdecoderservice component used by Huawei HarmonyOS/EMUI and related platforms. The issue, if exploited, may cause the image decoding feature to behave abnormally. Public documentation among the connected records confirms Vdecoderservic...
PT-2023-15838 · Unknown · Vdecoderservice
Name of the Vulnerable Software and Affected Versions: Vdecoderservice (affected versions not specified). Description: The issue is related to a Use After Free UAF vulnerability in the Vdecoderservice service. This vulnerability may cause the image decoding feature to perform abnormally when...
Huawei HarmonyOS Resource Management Error Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. Huawei HarmonyOS and EMUI have a memory misreference...
A vulnerability in the Pillow image-processing library, related to uncontrolled resource consumption, allows an attacker to cause a denial of service.
The vulnerability of the Pillow image-processing library lies in the fact that the application does not properly control the consumption of internal resources in TiffImagePlugin.py during the context setting for image decoding. Exploiting this vulnerability allows a remote attacker to trigger...
SUSE CVE-2009-0163
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter...
SUSE CVE-2010-0849
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...
SUSE CVE-2016-8710
An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggere...
SUSE CVE-2019-13111
A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file...
SUSE CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messag...
SUSE CVE-2020-35653
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations...
Ubuntu: Security Advisory (USN-92-1)
The remote host is missing an update for the...
stb Input Validation Error Vulnerability
stb is a single-file public domain library for C/C++. A security vulnerability exists in nothings stb version 2.27, which originates from an integer overflow in function stbi__jpeg_decode_block_prog_dc in the stb_image.h file. An attacker can exploit this vulnerability to cause a denial of service atta...
PYSEC-2022-149
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode(..., &decode), the decode value contains allocated buffers which can only be freed by calling...