
390 matches found

OSV
added 2024/04/03 5:15 p.m. | 1 view

CVE-2024-27335

Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8 | AI score 6.2 | EPSS 0.00421
Exploits 0 | References 1

CNNVD
added 2024/04/03 12:00 a.m. | 3 views

Kofax Power PDF Security Vulnerability

Kofax Power PDF is a professional PDF editing and management software from Kofax. A security vulnerability exists in Kofax Power PDF that stems from a specific flaw in the handling of PNG files that lacks proper validation of user-supplied data, allowing a remote attacker to read information on a...

CVSS 5.5 | AI score 4.3 | EPSS 0.00406
Exploits 0 | References 2

Snyk
added 2024/03/05 5:43 p.m. | 2 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free due to the InitializeImage function in the PngDecoderCore.cs file. An attacker can potentially cause information disclosure by passing a specially crafted PNG image file for conversion. Remediation: Upgrade...

CVSS 7.1 | AI score 6.4 | EPSS 0.00353
Exploits 1 | References 2

BDU FSTEC
added 2023/11/14 12:00 a.m. | 4 views

The vulnerability of the library for working with PNG bitmap graphics, due to insufficient input data validation, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the library for working with PNG bitmap graphics involves insufficient validation of input data. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

CVSS 10 | AI score 6.6 | EPSS 0.04079
Exploits 0 | References 15 | Affected Software 2

CNNVD
added 2023/09/05 12:00 a.m. | 2 views

ZPLGFA Input Validation Error Vulnerability

ZPLGFA is a Go package by individual developer Simon Waldherr. It is used to convert PNG, JPEG and GIF encoded graphic files into ZPL-compatible ^GF (graphic field) elements. A security vulnerability exists in ZPLGFA version 1.1.1, which stems from allowing an attacker to cause a panic with a...

CVSS 5.5 | AI score 6.8 | EPSS 0.00242
Exploits 1 | References 1

Positive Technologies
added 2023/08/24 12:00 a.m. | 2 views

PT-2023-8810 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required, where the target must visit a malicious page...

CVSS 7.8 | AI score 7.2 | EPSS 0.00421
Exploits 0 | References 5

CNNVD
added 2023/07/20 12:00 a.m. | 3 views

Alkacon Software OpenCMS Cross-Site Scripting Vulnerability

Alkacon Software OpenCMS is an open source content management system (CMS) based on Java and XML from the German company Alkacon Software. The system supports a template engine, a WYSIWYG editor and so on. A security vulnerability exists in Alkacon Software OpenCMS version 15.0, which is caused by an arbitrary fi...

CVSS 6.1 | AI score 6.6 | EPSS 0.00591
Exploits 1 | References 2

Positive Technologies
added 2023/07/13 12:00 a.m. | 2 views

PT-2023-25910 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious file...

CVSS 7.8 | AI score 7.5 | EPSS 0.00267
Exploits 0 | References 4

OSV
added 2023/04/17 11:55 a.m. | 1 view

USN-5855-4 imagemagick vulnerabilities

USN-5855-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening ...

CVSS 6.5 | AI score 7.1 | EPSS 0.89855
Exploits 31 | References 3

SUSE CVE
added 2023/02/15 6:20 a.m. | 2 views

SUSE CVE-2004-0421

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message...

CVSS 5 | AI score 6.7 | EPSS 0.04221
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 6:14 a.m. | 3 views

SUSE CVE-2006-3334

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name"...

CVSS 7.5 | AI score 8.1 | EPSS 0.03975
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 6:13 a.m. | 2 views

SUSE CVE-2006-5793

The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read...

CVSS 2.6 | AI score 8.6 | EPSS 0.01715
Exploits 1 | References 5

SUSE CVE
added 2023/02/15 6:08 a.m. | 4 views

SUSE CVE-2008-1382

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero-length "unknown" chunks, which trigger an access of uninitialized memory...

CVSS 7.5 | AI score 7.8 | EPSS 0.05514
Exploits 1 | References 4

SUSE CVE
added 2023/02/15 6:06 a.m. | 3 views

SUSE CVE-2008-5286

Integer overflow in the cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow...

CVSS 7.5 | AI score 8.5 | EPSS 0.04403
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 6:05 a.m. | 2 views

SUSE CVE-2008-5907

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0'...

CVSS 5 | AI score 7 | EPSS 0.02558
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 6:04 a.m. | 3 views

SUSE CVE-2009-1097

Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen,...

CVSS 9.3 | AI score 8.1 | EPSS 0.07089
Exploits 0 | References 6

SUSE CVE
added 2023/02/15 6:03 a.m. | 3 views

SUSE CVE-2009-2688

Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG...

CVSS 10 | AI score 8 | EPSS 0.08636
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 5:51 a.m. | 3 views

SUSE CVE-2011-3045

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a...

CVSS 8.8 | AI score 9.3 | EPSS 0.03567
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 5:45 a.m. | 2 views

SUSE CVE-2012-3425

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image...

CVSS 4.3 | AI score 6.8 | EPSS 0.03385
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 5:45 a.m. | 1 view

SUSE CVE-2012-3438

The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation...

CVSS 4.3 | AI score 6.8 | EPSS 0.02468
Exploits 1 | References 4