390 matches found
grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
A flaw was found in grub2 when handling a PNG image header. When decoding the data contained in the Huffman table at the PNG file header, an out-of-bounds write may happen on grub's heap...
grub2 buffer error vulnerability
grub2 is a Linux system boot program from the GNU community. A buffer error vulnerability exists in grub2, which can be exploited by an attacker to cause out-of-bounds writes during Huffman table processing via a carefully crafted PNG image...
grub2 buffer error vulnerability
grub2 is a Linux system boot program from the GNU community. A buffer error vulnerability exists in grub2, which can be exploited by an attacker to cause an out-of-bounds write in the heap via a carefully crafted PNG grayscale image...
The vulnerability of the sixel_encoder_output_without_macro function in the encoder.c component of the SIXEL Libsixel encoder/decoder implementation allows a hacker to cause a service failure.
The vulnerability of the sixel_encoder_output_without_macro function in the encoder.c component of the SIXEL Libsixel encoder/decoder implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows an attacker to cause a service failure by converting a speciall...
CVE-2022-27938
stb_image.h aka the stb image loader 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw...
Home Owners Collection Management System code issue vulnerability
A remote code execution vulnerability exists in Home Owners Collection Management System, a homeowner collection management system, which can be exploited by attackers to execute arbitrary code via a crafted PNG file...
ok-file-formats buffer error vulnerability
ok-file-formats is an open source decoder for PNG, JPEG, WAV and several other file formats. ok-file-formats 203defd suffers from a buffer error vulnerability that allows an attacker to trigger a buffer overflow via the function ok_png_transform_scanline in /ok_png.c:494...
CVE-2021-46604
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
PYSEC-2022-148
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode(&decode) gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...
PT-2022-16101 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0; TensorFlow versions 2.7.0 through 2.7.0 will be fixed in 2.7.1; TensorFlow versions 2.6.0 through 2.6.2 will be fixed in 2.6.3; TensorFlow versions 2.5.0 through 2.5.2 will be fixed in 2.5.3. Description: A...
CVE-2021-43022
Adobe Premiere Rush version 1.5.16 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious PNG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability...
Nomacs security vulnerability
Nomacs is a free open source image viewer for viewing all common image formats, including Raw and Psd images. Nomacs v3.15.0 contains a security vulnerability that could be exploited by an attacker to cause a denial of...
UBUNTU-CVE-2020-21677
A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format...
CVE-2021-26699
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...
CVE-2021-27037
A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code...
The vulnerability of the WriteOnePNGImage() function in the ImageMagick console graphics editor’s coders/png.c component allows an attacker to cause a service failure by reading data beyond the allowed buffer limits.
The vulnerability of the WriteOnePNGImage function in the ImageMagick console graphics editor’s coders/png.c file is related to an incorrect condition for exiting a loop. Exploiting this vulnerability allows an attacker to cause a service failure by using a specially created file...
CVE-2021-29531
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...
ALPINE-CVE-2020-27814
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application...
AZL-45072 CVE-2020-27814 affecting package openjpeg2 for versions less than 2.3.1-12
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application...
Barco Transform NDN Device Command Injection Vulnerability
The Barco Transform NDN Device is a PC-based network graphics processor from Barco in the Netherlands. The device displays encoded streams from Gbit Ethernet/IP networks and supports formats such as H-264, MPEG-4, MPEG-2, MJPEG, V2D and ProServer. A security vulnerability exists in the Barco...