390 matches found
DEBIAN-CVE-2020-25664
In WriteOnePNGImage of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory and memset allows for an out-of-bounds write later when PopShortPixel from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply ...
ImageMagick Studio ImageMagick security vulnerability
ImageMagick is a suite of open source image processing software from ImageMagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in versions prior to ImageMagick 7.0.8-68 that stems...
libpng security update
CentOS Errata and Security Advisory CESA-2020:3901. An update for libpng is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...
PT-2021-6712 · Libsixel +1 · Libsixel +1
Name of the Vulnerable Software and Affected Versions: libsixel versions prior to 1.8.4 Description: The issue in the dither.c component of libsixel allows attackers to cause a denial of service via a crafted PNG file. This is related to errors in resource release. Exploitation of the issue enabl...
Low: Red Hat Security Advisory: libpng security update
An update for libpng is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2020-12837
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used...
exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash) due to a heap-based buffer over-read via a crafted PNG file...
Denial Of Service (DoS)
cups is vulnerable to denial of service (DoS). An integer overflow flaw leading to a heap buffer overflow was discovered in the Portable Network Graphics (PNG) decoding routines used by the CUPS image converting filters "imagetops" and "imagetoraster". An attacker could...
The vulnerability in the `png_create_info_struct` function of the PNG bitmap graphics library allows an attacker to cause a denial of service.
The vulnerability of the `png_create_info_struct` function in the library for working with PNG bitmap graphics in libpng is related to improper memory release before deleting the last reference. Exploiting this vulnerability can allow an attacker to cause service interruptions through various network...
Accusoft ImageGear PNG header-parser buffer overflow vulnerability
Accusoft ImageGear is a software development toolkit for image processing from Accusoft Corporation. A buffer overflow vulnerability exists in the Accusoft ImageGear PNG header-parser, which can be exploited by a remote attacker to submit a request for a special PNG file and trick the user into...
The vulnerability in Blender, software for creating 3D computer graphics, arises from an integer overflow, allowing an attacker to execute arbitrary code.
The vulnerability in Blender, software for creating 3D computer graphics, arises from a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted PNG file...
The vulnerability of the ReadOneJNGImage function (coders/png.c) in the cross-platform library for working with graphics, GraphicsMagick, allows a hacker to execute arbitrary code.
The vulnerability of the ReadOneJNGImage function (coders/png.c) in the cross-platform library for working with graphics, GraphicsMagick, is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary code...
The vulnerability of the `avcodec_default_get_buffer` function in `utils.c` of the Libavcodec library, which is part of the multimedia libraries of FFmpeg, allows a hacker to execute arbitrary code.
The vulnerability of the `avcodec_default_get_buffer` function in the `utils.c` file of the Libavcodec library, which is part of the multimedia libraries of FFmpeg, is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a...
libpng: use-after-free in png_image_free in png.c
A vulnerability was found in libpng where a use-after-free issue exists in the png_image_free function within png.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service...
exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file...
advancecomp: denial of service in function adv_png_unfilter_8 in lib/png.c
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other...
PT-2020-6191 · Openjpeg +9 · Openjpeg2 +9
Name of the Vulnerable Software and Affected Versions: openjpeg2 affected versions not specified Description: A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. This issue could allow an attacker to cause an application crash or, in some cases, execute arbitra...
USN-4056-1 exiv2 vulnerabilities
It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19107, CVE-2018-19108) It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denia...
Exiv2 Resource Management Error Vulnerability
Exiv2 is a set of C++ libraries and command line applications for managing image metadata by programmer Andreas Huggel. The product provides the ability to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. Exiv2 is vulnerable to a resource management error. An...
ALPINE-CVE-2019-13112
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file...