PT-2022-4361 · Hdf5 +3 · Libhdf5 +3

Name of the Vulnerable Software and Affected Versions: HDF5 Group libhdf5 version 1.10.4 Description: An out-of-bounds write issue exists in the gif2h5 functionality, allowing code execution through a specially-crafted GIF file. An attacker can trigger this issue by providing a malicious file,...

The vulnerability of the check function of the Cisco Adaptive Security Device Manager (ASDM) in the Cisco Adaptive Security Appliance Software (ASA) allows a hacker to execute arbitrary code.

The vulnerability of the Cisco Adaptive Security Device Manager ASDM verification function in the Cisco Adaptive Security Appliance Software ASA lies in insufficient data authentication. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially crafte...

CVE-2022-23906

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution RCE vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file...

Tuxera NTFS-3G 缓冲区错误漏洞

Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by attackers to potentially trigger out-of-bounds access via a crafted NTFS image...

Tuxera NTFS-3G 缓冲区错误漏洞

NTFS-3G is a stable, full-featured, read/write NTFS driver for Linux, Android, Mac OS X, FreeBSD, NetBSD, OpenSolaris, QNX, Haiku and other operating systems. An out-of-bounds read vulnerability exists in ntfsielookup in versions prior to NTFS-3G 2021.8.22. An attacker can exploit this...

The vulnerabilities of the functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage in the console image editor ImageMagick components, related to the lack of data validation, allow attackers to trigger service interruptions.

The vulnerability of the functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage in the ImageMagick console graphic editor’s code components coders/dcm.c, coders/pwp.c, coders/cals.c, and coders/p Pict.c is related to the lack of data validation during function execution. Exploitin...

ffjpeg Stack Buffer Overflow Vulnerability

ffjpeg is a simple jpeg encoding and decoding implementation. A stack buffer overflow vulnerability exists in the jfifdecode function in ffjpeg/src/jfif.c:513:28 in ffjpeg 2020-07-02 and earlier. An attacker can exploit this vulnerability to cause a denial of service by submitting a malicious jpe...

UBUNTU-CVE-2021-29457

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An...

Exiv2 heap buffer overflow vulnerability (CNVD-2021-29115)

Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. Exiv2 suffers from a heap buffer overflow vulnerability. The vulnerability stems from improper validation of input to the rawData.size property in Jp2Image::readMetadata in jp2image.cpp. An attacker could...

MapifyLite < 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the Image URL either in the settings or in a location, allowing editor+ users to use a malicious payload, leading to Stored Cross-Site Scripting issues. Notes WPScanTeam: - The vendor has been notified on March 24th, 2021 - The pro version is very likely to be...

PT-2021-17150 · Unknown +3 · Godot Engine +3

Name of the Vulnerable Software and Affected Versions: Godot Engine versions up to v3.2 Description: An integer overflow issue exists in the Godot Engine that can be triggered when loading specially crafted .TGA image files. The issue is located in the ImageLoaderTGA::load image function and lead...

Apple CoreMedia Buffer Error Vulnerability

Apple CoreMedia is an Apple Inc. core component used in mobile devices for processing media data. Apple CoreMedia suffers from a buffer error vulnerability that exists due to a boundary condition within the CoreMedia component in macOS. A remote attacker could create a specially crafted image and...

Multiple Apple products ImageIO component out-of-bounds read vulnerability (CNVD-2020-65947)

Apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for smart TVs. apple iPadOS is an operating system for iPad tablets. Apple iOS before 13.6, iPadOS before 13.6, macOS Catalina before 10.15.6, tvOS before 13.4.8, watchOS before 6.2.8, iTunes for...

Heap Overwrite Vulnerability in Light and Shadow Magic Hand of Shenzhen Xunlei.com Culture Limited (CNVD-2020-58814)

LightShadow Magic Hand is a software for improving and enhancing image quality and effect processing. Shenzhen Xunlei.com Culture Co., Ltd LightShadow Magic Hand has a heap of out-of-bounds writing vulnerabilities, an attacker can construct a special picture to cause the software to crash, and ca...

Heap Overwrite Vulnerability in Light and Shadow Magic Hand of Shenzhen Xunlei.com Culture Limited (CNVD-2020-58811)

LightShadow Magic Hand is a software for improving and enhancing image quality and effect processing. Shenzhen Xunlei.com Culture Co., Ltd LightShadow Magic Hand has a heap of out-of-bounds writing vulnerabilities, an attacker can construct a special picture to cause the software to crash, and ca...

The vulnerability of the WriteTGAImage function in the GraphicsMagick graphics editor allows an attacker to cause a service failure by causing the operation to exceed the buffer limits in memory.

The vulnerability of the WriteTGAImage function in the GraphicsMagick graphics editor is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by using a specially created image file...

CVE-2019-12921

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG...

PT-2019-12568 · Google +1 · Android-Gif-Drawable +1

Name of the Vulnerable Software and Affected Versions: android-gif-drawable versions prior to 1.2.18 WhatsApp for Android versions prior to 2.19.244 Description: A double free vulnerability in the DDGifSlurp function in the android-gif-drawable library allows remote attackers to execute arbitrary...

dcraw Buffer Overflow Vulnerability

dcraw is a U.S. software developer David J. Coffin developed a set of open source for the camera to shoot the RAW film into PPM or TIFF format picture tool . A buffer overflow vulnerability exists in the 'findgreen' function in dcraw version 9.28 and earlier used in ufraw-batch and other devices....

UBUNTU-CVE-2018-18439

DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image...