SUSE CVE-2021-22205

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution...

Fedora 36 : OpenImageIO (2022-e63bc3eca2)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e63bc3eca2 advisory. Update to 2.3.21.0. Security fix for CVE-2022-36354 CVE-2022-38143 CVE-2022-41639 CVE-2022-41684 CVE-2022-41794 CVE-2022-41838 CVE-2022-41977...

CVE-2022-41639

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a...

CVE-2022-41639

OpenImageIO CVE-2022-41639 is a heap-based buffer overflow in the TIFF tile decoding code, present in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially crafted TIFF file can trigger out-of-bounds memory corruption, potentially leading to arbitrary code execution. Public advisories (De...

CVE-2022-41639

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a...

CVE-2022-41639

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a...

Heap overflow

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a...

UBUNTU-CVE-2022-41639

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a...

OpenImageIO TIFF tile pels decoding heap-based buffer overflow

Talos Vulnerability Report TALOS-2022-1633 OpenImageIO TIFF tile pels decoding heap-based buffer overflow December 22, 2022 CVE Number CVE-2022-41639 SUMMARY A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and...

PT-2022-6799 · Unknown +2 · Openimageio +2

Name of the Vulnerable Software and Affected Versions: OpenImageIO versions master-branch-9aeece7a through v2.3.19.0 Description: A heap-based buffer overflow vulnerability exists in the tile decoding code of the TIFF image parser. This issue can be triggered by a specially-crafted TIFF file,...

OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption

The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...

GHSA-G2J5-7VGX-6XRX OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption

The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...

CVE-2021-21946

Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based...

CVE-2021-21947

Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based...

CVE-2021-21942

The CVE-2021-21942 entry concerns Accusoft ImageGear 19.10 and the TIFF YCbCr image parser. The root cause is a missing size check in the TIFF_YCbCr_to_RGB conversion when handling YCbCrSubsampling, combined with how buffers are allocated for dst_ptr across YC bCr horizontal subsampling. This can...

Accusoft ImageGear TIFF YCbCr image parser out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.1...

CVE-2021-36070

Adobe Media Encoder version 15.1 and earlier is affected by an improper memory access vulnerability when parsing a crafted .SVG file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a...

GitLab 代码注入漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A code injection vulnerability exists in Gitlab Community Edition that stems...

tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade ...

BugPoC: LFI from bypassing image parser and faking HEAD response with redirection

Summary: add summary of the vulnerability By specially crafted request, a fake python3 http server and exploit.py we can read any files from the server Supporting Material/References: list any additional material e.g. screenshots, logs, etc. Bugpoc id: bp-HdMxEwwr bp-HdMxEwwr Bugpoc pass:...