357 matches found
SUSE CVE-2007-6697
Buffer overflow in the LWZReadByte function in IMGgif.c in SDLimage before 1.2.7 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third...
SUSE CVE-2009-1097
Multiple buffer overflows in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via 1 a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen,...
SUSE CVE-2013-4298
The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service memory corruption and application crash via a crafted comment in a GIF image...
SUSE CVE-2014-9709
The GetCode function in gdgifin.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function...
SUSE CVE-2018-17436
ReadCode in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service invalid write access via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file...
SUSE CVE-2020-10809
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service...
The vulnerability of the composite_frame() function in the GdkPixbuf image loading library allows a hacker to execute arbitrary code.
The vulnerability of the compositeframe function in the GdkPixbuf image loading library is related to buffer overflows during the processing of GIF format files. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
nterchange Code Injection vulnerability
A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/codecallercontroller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code injection. The exploit has...
GHSA-CP2P-6XH4-JMCP nterchange Code Injection vulnerability
A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/codecallercontroller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code injection. The exploit has...
nterchange 代码注入漏洞
nterchange is a library open source by nonfiction studios. It is used for content management. A code injection vulnerability exists in nterchange version 4.1.0 and earlier versions. Attackers exploit this vulnerability to cause code injection...
PT-2023-10188 · Unknown · Interchange
Name of the Vulnerable Software and Affected Versions: nterchange versions up to 4.1.0 Description: A critical issue affects the function getContent of the file app/controllers/code caller controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code...
The vulnerability of the Microsoft Visio graphical editor relates to writing beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Microsoft Visio graphic editor is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially created DXF and DWG files...
[SECURITY] Fedora 36 Update: capnproto-0.9.2-1.fc36
Cap=EF=BF=BD=EF=BF=BD=EF=BF=BDn Proto is an insanely fast data interchange fo rmat and capability-based RPC system. Think JSON, except binary. Or think Protocol Buffers, except faster. In fact, in benchmarks, Cap=EF=BF=BD=EF=BF=BD=EF=BF=BDn Proto is INFINITY TIMES faster than Protocol Buffers. Th...
CVE-2022-46149
Cap'n Proto is a data interchange format and remote procedure call RPC system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...
Out-of-bounds
Cap'n Proto is a data interchange format and remote procedure call RPC system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...
CVE-2022-46149 Cap'n Proto vulnerable to out-of-bounds read due to logic error handling list-of-list.
Cap'n Proto is a data interchange format and remote procedure call RPC system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...
CVE-2022-46149
CVE-2022-46149 affects Cap'n Proto and its Rust crate. The vulnerability is an out-of-bounds read caused by logic errors when handling a list-of-pointer type, which can lead to a remote segfault and, with additional actions, memory exfiltration. The issue is present in inlined code and requires r...
CVE-2022-46149
Cap'n Proto is a data interchange format and remote procedure call RPC system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...
CVE-2022-45198
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...
PYSEC-2022-42979
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...