2244 matches found

CNVD
added 2017/09/05 12:00 a.m., 4 views

ImageMagick memory leak vulnerability (CNVD-2017-25389)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A memory leak vulnerability exists in the WriteMSLImage function of the coders/msl.c file in ImageMagick version 7.0.6-2. An...

CVSS 6.5, AI score 6.8, EPSS 0.01305
Exploits 1, References 1

Talos
added 2017/08/30 12:00 a.m., 60 views

Gdk-Pixbuf JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability

Summary: An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted JPEG file can cause a heap overflow resulting in remote code execution. An attacker can send a file or URL to trigger this vulnerability. Tested...

CVSS 8.8, AI score 8.1, EPSS 0.04599
Exploits 3

CVE
added 2017/08/28 7:00 p.m., 44 views

CVE-2017-12920

CVE-2017-12920 affects libfpx version 1.3.1_p6; the vulnerability is a denial of service caused by a NULL pointer dereference in CDirectory::GetDirEntry in dir.cxx when parsing a crafted FlashPIX (fpx) image. The connected sources describe a remote trigger via a crafted image; no exploitation sta...

CVSS 6.5, AI score 6.2, EPSS 0.01287
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2017/08/25 12:00 a.m., 3 views

Vulnerability in the image processing mechanism for EMF files related to text output in PDF file editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, and in PDF file viewing programs like Adobe Reader Document Cloud. It allows a perpetrator to execute arbitrary code.

The vulnerability lies in the image processing mechanism for EMF files related to text output in PDF file editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, and in PDF file viewing programs like Adobe Reader Document Cloud. It arises due to the execution of an operation...

CVSS 9.3, AI score 8.5, EPSS 0.0885
Exploits 0, References 5, Affected Software 2

BDU FSTEC
added 2017/08/25 12:00 a.m., 5 views

Vulnerability in the image processing mechanism for EMF files related to path visualization in PDF file editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, and in PDF file viewing programs like Adobe Reader Document Cloud. It allows a perpetrator to execute arbitrary code.

The vulnerability in the image processing mechanism for EMF files related to path visualization, in PDF file editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat and in PDF file viewing programs like Adobe Reader and Adobe Reader Document Cloud, arises due to the executi...

CVSS 9.3, AI score 8.5, EPSS 0.06918
Exploits 0, References 4, Affected Software 2

BDU FSTEC
added 2017/08/25 12:00 a.m., 3 views

Vulnerability in the image processing mechanism for EMF files related to raster displays in PDF editor programs like Adobe Acrobat Document Cloud and Adobe Acrobat, and in PDF viewer programs like Adobe Reader Document Cloud. It allows an attacker to execute arbitrary code.

The vulnerability in the image processing mechanism for EMF files related to raster display transformations, in PDF file editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat and in PDF file viewing programs like Adobe Reader and Adobe Reader Document Cloud, arises due to...

CVSS 9.3, AI score 8.5, EPSS 0.07742
Exploits 0, References 5, Affected Software 2

CNVD
added 2017/08/24 12:00 a.m., 2 views

ImageMagick memory leak vulnerability (CNVD-2017-25053)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. A memory leak vulnerability exists in the 'ReadMATImage' function of the ImageMagick coders/mat.c file, which allows remote attackers to exploit the vulnerability to construct malicious fil...

CVSS 8.8, AI score 6.1, EPSS 0.01268
Exploits 0, References 1

CNVD
added 2017/08/23 12:00 a.m., 2 views

GraphicsMagick buffer overflow vulnerability (CNVD-2017-237216)

GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A buffer overflow vulnerability exists in the 'GetStyleTokens' function in coders/svg.c:314:12 in GraphicsMagick version 1.3.26. An attacker can exploit this...

CVSS 6.5, AI score 7.3, EPSS 0.0185
Exploits 0, References 1

RedhatCVE
added 2017/08/21 6:48 p.m., 19 views

CVE-2017-12864

In opencv/modules/imgcodecs/src/grfmtpxm.cpp, the function ReadNumber did not check the input length, which leads to an integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier...

CVSS 8.8, AI score 5.1, EPSS 0.02699
Exploits 0, References 1

BDU FSTEC
added 2017/08/18 12:00 a.m., 5 views

A vulnerability in the DriverFileUploadServlet servlet of the web application, which is designed for managing and monitoring printing devices and image processing, allows a perpetrator to delete any file.

The vulnerability in the DriverFileUploadServlet servlet of the web application, which is designed for managing and monitoring printing devices and image processing, exists due to an incorrect path limitation for the restricted directory. Exploiting this vulnerability could allow a malicious actor to delete any...

CVSS 7.8, AI score 7.7, EPSS 0.12633
Exploits 0, References 4

BDU FSTEC
added 2017/08/18 12:00 a.m., 5 views

A vulnerability in the FileUploadController servlet of the SyncThru 6 web application, which is designed for managing and monitoring printing devices and image processing, allows a perpetrator to execute arbitrary code with system privileges.

The vulnerability in the FileUploadController servlet of the web application, which is designed for managing and monitoring printing devices and image processing, exists due to an incorrect path limitation for the restricted directory. Exploiting this vulnerability allows a malicious actor to...

CVSS 10, AI score 8.2, EPSS 0.12633
Exploits 0, References 4

RedhatCVE
added 2017/08/17 6:48 p.m., 30 views

CVE-2017-12428

In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c...

CVSS 7.5, AI score 4.6, EPSS 0.02096
Exploits 0, References 1

Tenable Nessus
added 2017/08/14 12:00 a.m., 24 views

Debian DLA-1055-1 : libgd2 security update

Matviy Kotoniy reported that the gdImageCreateFromGifCtx function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a...

CVSS 6.5, AI score 6.5, EPSS 0.03418
Exploits 0, References 3

OSV
added 2017/08/11 7:29 p.m., 2 views

CVE-2017-11269

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format EMF image stream data. Successful exploitatio...

CVSS 8.8, AI score 6, EPSS 0.06918
Exploits 0, References 3

myhack58
added 2017/08/09 12:00 a.m., 21 views

Wolf in sheep's clothing: how the Windows icon display vulnerability is used to disguise a PE file - vulnerability warning - the black bar safety net

1. Foreword: A vulnerability exists in the icon display function of the Windows system. By exploiting this vulnerability, an attacker can automatically "borrow" other commonly used icons from the local host and use these icons to camouflage a PE file, thereby tempting the user to click on such a...

AI score 6.9
Exploits 0

CNVD
added 2017/08/08 12:00 a.m., 3 views

ImageMagick Denial of Service Vulnerability (CNVD-2017-21004)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A denial of service vulnerability exists in the 'DestroyImage' function of the MagickCore/image.c file in ImageMagick...

CVSS 6.5, AI score 6.7, EPSS 0.01479
Exploits 0, References 1

CVE
added 2017/08/07 1:00 a.m., 121 views

CVE-2017-12605

OpenCV Open Source Computer Vision Library (up to 3.3) contains an out-of-bounds write in FillColorRow8 (utils.cpp) when reading images via cv::imread, as identified in CVE-2017-12605. Connected sources confirm the affected component and function, and multiple advisories surface the risk across d...

CVSS 8.8, AI score 8.6, EPSS 0.0197
Exploits 0, References 5, Affected Software 1

CVE
added 2017/08/07 1:00 a.m., 128 views

CVE-2017-12604

OpenCV CVE-2017-12604 affects OpenCV up to version 3.3, where an out-of-bounds write occurs in FillUniColor (utils.cpp) when reading an image via cv::imread. The vulnerability is tied to memory write behavior and is documented across multiple advisories; Debian LTS notes patches in 2.4.9.1+dfsg1-...

CVSS 8.8, AI score 8.6, EPSS 0.0197
Exploits 0, References 5, Affected Software 1

CVE
added 2017/08/07 1:00 a.m., 134 views

CVE-2017-12606

OpenCV (Open Source Computer Vision Library) up to version 3.3 is affected by CVE-2017-12606 due to an out-of-bounds write in FillColorRow4 in utils.cpp when reading an image with cv::imread. The described impact is memory corruption, with exploitation status not provided in the supplied document...

CVSS 8.8, AI score 8.6, EPSS 0.0197
Exploits 0, References 5, Affected Software 1

CVE
added 2017/08/07 1:00 a.m., 146 views

CVE-2017-12597

OpenCV Open Source Computer Vision Library (

CVSS 8.8, AI score 7.3, EPSS 0.0197
Exploits 0, References 5, Affected Software 1