100 matches found

Prion
added 2023/09/11 7:15 p.m. | 17 views

Input validation

libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...

CVSS 1.7 | AI score 5.6 | EPSS 0.00133
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/09/11 7:15 p.m. | 2 views

UBUNTU-CVE-2023-40032

libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...

CVSS 5.5 | AI score 6.8 | EPSS 0.00133
Exploits: 0 | References: 6

OSV
added 2023/06/17 11:5 a.m. | 3 views

OESA-2023-1350 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVSS 7.8 | AI score 7.4 | EPSS 0.00679
Exploits: 2 | References: 3

SUSE CVE
added 2023/06/16 1:16 a.m. | 1 views

SUSE CVE-2023-26965

loadImage in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image...

CVSS 7.1 | AI score 7 | EPSS 0.00009
Exploits: 1 | References: 7

NVD
added 2023/04/17 9:15 p.m. | 16 views

CVE-2023-30548

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server (gatsby develop). It...

CVSS 4.3 | AI score 4.4 | EPSS 0.00367
Exploits: 1 | References: 3

CVE
added 2023/04/17 8:43 p.m. | 47 views

CVE-2023-30548

The CVE-2023-30548 issue affects gatsby-plugin-sharp prior to versions 5.8.1 and 4.25.1, introducing a path traversal vulnerability when running the Gatsby develop server. By default, develop is bound to localhost, but if exposed (e.g., via --host 0.0.0.0, -H 0.0.0.0, or GATSBY_HOST=0.0.0.0), an ...

CVSS 4.3 | AI score 4.4 | EPSS 0.00367
Exploits: 1 | References: 3 | Affected Software: 1

Talos
added 2022/12/22 12:0 a.m. | 38 views

OpenImageIO TIFF file IPTC data information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1631: OpenImageIO TIFF file IPTC data information disclosure vulnerability. December 22, 2022. CVE Number: CVE-2022-41649. Summary: A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A...

CVSS 9.1 | AI score 8.4 | EPSS 0.00245
Exploits: 1

BDU FSTEC
added 2022/11/15 12:0 a.m. | 1 views

Vulnerability of the new_node() function (libraw\src\x3f\x3futils_patched.cpp) in the LibRaw image processing library, which allows a hacker to trigger a service failure

The vulnerability of the new_node() function (libraw\src\x3f\x3futils_patched.cpp) in the LibRaw image processing library is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6 | EPSS 0.00029
Exploits: 1 | References: 11 | Affected Software: 5

BDU FSTEC
added 2022/09/23 12:0 a.m. | 1 views

The vulnerability of the Libjpeg-turbo image processing library, related to writing beyond the buffer boundaries, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Libjpeg-turbo library for image processing is related to improper compression/decompression of gigapixel images. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service interruptions...

CVSS 9.3 | AI score 7 | EPSS 0.01465
Exploits: 0 | References: 10 | Affected Software: 4

Rockylinux
added 2022/02/22 5:25 p.m. | 42 views

python-pillow security update

An update is available for python-pillow. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-pillow packages contain a Python image processing library th...

CVSS 9.8 | AI score 8.5 | EPSS 0.02781
Exploits: 0

Ubuntu
added 2022/02/08 9:57 a.m. | 34 views

USN-5143-1: Leptonica vulnerability

It was discovered that Leptonica incorrectly handled certain image files. An attacker could possibly use this issue to execute arbitrary code or cause other unspecified impact...

CVSS 9.8 | AI score 8.8 | EPSS 0.00394
Exploits: 0

OSV
added 2022/01/10 2:12 p.m. | 0 views

DEBIAN-CVE-2022-22815

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

CVSS 6.5 | AI score 6.7 | EPSS 0.00095
Exploits: 0 | References: 1

OpenVAS
added 2021/09/22 12:0 a.m. | 12 views

Fedora: Security Advisory for python2-pillow (FEDORA-2021-9f020cf155)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5 | AI score 8.7 | EPSS 0.00226
Exploits: 1 | References: 2

BDU FSTEC
added 2021/07/07 12:0 a.m. | 1 views

The vulnerability of the `formatIPTCfromBuffer` function in the `coders/meta.c` component of the ImageMagick console graphics editor allows an attacker to access confidential data and cause a service failure.

The vulnerability of the formatIPTCfromBuffer function in the coders/meta.c file of the ImageMagick console graphics editor involves an operation that outputs values within acceptable buffer limits. Exploiting this vulnerability allows an attacker to access confidential data and also trigger a...

CVSS 7.1 | AI score 7.1 | EPSS 0.00134
Exploits: 0 | References: 11 | Affected Software: 3

CNVD
added 2021/05/10 12:0 a.m. | 4 views

Freeimage Parsing Library Integer Overflow Vulnerability

Freeimage is a free, open source, cross-platform (Windows, Linux and Mac OS X) image processing library that supports more than 20 types of images such as BMP, JPEG, GIF, PNG and TIFF. The Freeimage parsing library suffers from an integer overflow vulnerability, which can be exploited by...

AI score 7.3
Exploits: 0

Tenable Nessus
added 2021/04/01 12:0 a.m. | 24 views

Debian DLA-2612-1 : leptonlib security update

Several issues have been found by ClusterFuzz in leptonlib, an image processing library. All issues are related to heap-based buffer over-read in several functions or a denial of service (application crash) with crafted data. For Debian 9 stretch, these problems have been fixed in version...

CVSS 7.5 | AI score 7.4 | EPSS 0.04251
Exploits: 4 | References: 7

CNVD
added 2021/03/22 12:0 a.m. | 35 views

Pillow Buffer Overflow Vulnerability (CNVD-2021-54033)

Pillow is a Python-based image processing library. A buffer overflow vulnerability exists in versions of Pillow prior to 8.1.1, which stems from the presence of a negative offset memcpy with an invalid size in TiffDecode.c. No details of the vulnerability are currently available...

CVSS 7.5 | AI score 5.5 | EPSS 0.00261
Exploits: 0 | References: 1

OpenVAS
added 2021/03/15 12:0 a.m. | 24 views

Fedora: Security Advisory for python2-pillow (FEDORA-2021-0ece308612)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.8 | AI score 8.2 | EPSS 0.00762
Exploits: 0 | References: 2

CNVD
added 2021/03/15 12:0 a.m. | 6 views

Leptonica heap buffer overflow vulnerability (CNVD-2021-19745)

Leptonica is an open source library containing software widely used in image processing and image analysis applications. A heap buffer overflow vulnerability exists in findNextBorderPixel in ccbord.c in versions of Leptonica prior to 1.80.0. No details of the vulnerability are provided at this ti...

CVSS 7.5 | AI score 7 | EPSS 0.00538
Exploits: 1 | References: 1

OSV
added 2020/08/12 6:15 p.m. | 0 views

UBUNTU-CVE-2020-17507

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read...

CVSS 5.3 | AI score 7 | EPSS 0.07128
Exploits: 0 | References: 8