PYSEC-2022-149

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., , the decode value contains allocated buffers which can only be freed by calling png::CommonFreeDecode. However,...

PYSEC-2022-93

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...

CVE-2022-23584

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...

The vulnerability of the OpenJPEG library for image encoding and decoding, related to reading data beyond the buffer’s acceptable limits, allows attackers to cause service failures.

The vulnerability of the OpenJPEG library for image encoding and decoding is related to reading data beyond the allowed buffer limits. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

UBUNTU-CVE-2021-44648

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12...

CVE-2021-44648

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12...

Mozilla Firefox Security Advisory (MFSA2013-97) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

NewStart CGSL CORE 5.05 / MAIN 5.05 : spice-gtk Vulnerability (NS-SA-2021-0164)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has spice-gtk packages installed that are affected by a vulnerability: - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the...

The vulnerability of the image decoding process in QUIC systems of the Rendering of Remote Virtual Desktops SPICE software lies in the copying of buffers without checking the size of the input data. This allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the image decoding process in the QUIC rendering system for remote virtual desktops SPICE involves copying buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, a...

SUSE SLES15 Security Update : spice (SUSE-SU-2021:1956-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1956-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...

SUSE-SU-2021:1940-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues: - CVE-2021-25290: Fixed a negative-offset memcpy with an invalid size in TiffDecode.c bsc1183105. - CVE-2021-27922,CVE-2021-27923: Fixed improper reported size of a contained image bsc1183108,bsc1183107 - CVE-2020-35653: Fixed buffer...

SUSE SLES15 Security Update : spice-gtk (SUSE-SU-2021:1911-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:1911-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...

SUSE SLES12 Security Update : spice (SUSE-SU-2021:1902-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1902-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...

SUSE: Security Advisory (SUSE-SU-2014:0248-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : spice (SUSE-SU-2021:1901-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1901-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...

SUSE: Security Advisory (SUSE-SU-2015:1383-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALPINE-CVE-2021-25290

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size...

NewStart CGSL CORE 5.04 / MAIN 5.04 : spice Vulnerability (NS-SA-2021-0040)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has spice packages installed that are affected by a vulnerability: - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPI...

NewStart CGSL MAIN 6.02 : spice-gtk Vulnerability (NS-SA-2021-0075)

The remote NewStart CGSL host, running version MAIN 6.02, has spice-gtk packages installed that are affected by a vulnerability: - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE clien...

OESA-2021-1082 spice security update

The SPICE package provides the SPICE server library and client. These components are used to provide access to a remote machine's display and devices. Security Fixes: Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...