21 matches found
Astra Linux – Vulnerability in pillow
An issue was discovered in Pillow before version 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a denial-of-service attack on Image.open prior to Image.load...
USN-6644-2 tiff vulnerabilities
USN-6644-1 fixed vulnerabilities in LibTIFF. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly u...
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting XSS Exploit Author: Sajibe Kanti Vendor Name: ActiveITzone Vendor Homepage: https://activeitzone.com/ Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: 6.5.0 Tested on: Live Centos & Litespeed...
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting XSS Date: 19/01/2023 Exploit Author: Sajibe Kanti Vendor Name: ActiveITzone Vendor Homepage: https://activeitzone.com/ Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: 6.5.0 Tested on: Live...
USN-5143-1 leptonlib vulnerability
It was discovered that Leptonica incorrectly handled certain image files. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact...
USN-5227-2 pillow vulnerabilities
USN-5227-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a...
USN-5150-1 openexr vulnerability
It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash...
USN-5060-2 ntfs-3g vulnerabilities
USN-5060-1 fixed a vulnerability in NTFS-3G. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that NTFS-3G incorrectly handled certain image files. An attacker could possibly use this issue to execute arbitrary co...
USN-5060-1 ntfs-3g vulnerabilities
It was discovered that NTFS-3G incorrectly handled certain image files. An attacker could possibly use this issue to execute arbitrary code...
USN-5043-1 exiv2 vulnerabilities
It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. CVE-2021-32815, CVE-2021-34334, CVE-2021-37620, CVE-2021-37622 It was discovered that Exiv2 incorrectly handled certain image files. An attacker could...
PT-2021-7872 · Offis +5 · Dcmtk +5
Name of the Vulnerable Software and Affected Versions: OFFIS DCMTK versions prior to 3.6.7 Description: The issue is related to a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. This vulnerability is associated with errors in...
CVE-2020-7823 DaviewIndy Multiple Vulnerabilities
DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution...
USN-4232-1 graphicsmagick vulnerabilities
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...
USN-4207-1 graphicsmagick vulnerabilities
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...
USN-4206-1 graphicsmagick vulnerabilities
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. CVE-2017-10794, CVE-2017-10799, CVE-2017-11102, CVE-2017-11140, CVE-2017-11403, CVE-2017-11636, CVE-2017-11637, CVE-2017-13147, CVE-2017-14042,...
MS16-130: Security Update for Microsoft Windows (3199172)
The remote Windows host is missing a security update or security rollup. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability exists in the Windows image file handling functionality due to improper handling of image files. An unauthenticated, remot...
Oracle: Security Advisory (ELSA-2007-0513)
The remote host is missing an update for the...
Debian DSA-3039-1 : chromium-browser - security update
Several vulnerabilities were discovered in the chromium web browser. - CVE-2014-3160 Christian Schneider discovered a same origin bypass issue in SVG file resource fetching. - CVE-2014-3162 The Google Chrome development team addressed multiple issues with potential security impact for chromium...
IrfanView < 4.33 Boundary Error Multiple Image File Handling Remote Overflow
The remote Windows host contains a version of IrfanView earlier than 4.33. As such, it is reportedly affected by a heap-based buffer overflow vulnerability due to the way the application handles RLE compressed bitmap files. An attacker could trick a user into opening specially crafted DIB, RLE, o...
eyeOS 1.9.0.2 - Image File Handling HTML Injection
eyeOS 1.9.0.2 - Image File Handling HTML Injection source: https://www.securityfocus.com/bid/47629/info eyeOS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input passed through image content before using it in dynamically generated content...