
137 matches found

CNNVD
added 2021/09/28 12:00 a.m. · 1 view

IrfanView Buffer Error Vulnerability

IrfanView is an image viewer that supports image browsing, image editing, image format conversion, etc. IrfanView suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted RLE files...

CVSS 7.8 · AI score 8.2 · EPSS 0.00652
Exploits 0 · References 2
OSV
added 2021/01/12 9:15 a.m. · 0 views

DEBIAN-CVE-2020-35655

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...

CVSS 5.4 · AI score 6.1 · EPSS 0.00269
Exploits 0 · References 1
CNNVD
added 2021/01/11 12:00 a.m. · 2 views

Pillow Buffer Error Vulnerability

Gentoo is an open source Linux system from the Gentoo Foundation. Gentoo Linux prior to version 8.1.0 suffers from a buffer overflow vulnerability that stems from improper handling of system offsets and length tables, where SGIRleDecode has a 4-byte buffer overflow when decoding a carefully craft...

CVSS 5.8 · AI score 6.8 · EPSS 0.00269
Exploits 0 · References 8
OSV
added 2020/06/25 7:15 p.m. · 1 view

UBUNTU-CVE-2020-11538

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311...

CVSS 8.1 · AI score 6.7 · EPSS 0.00267
Exploits 0 · References 7
OSV
added 2020/04/14 11:15 p.m. · 1 view

DEBIAN-CVE-2020-11760

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp...

CVSS 5.5 · AI score 6.7 · EPSS 0.00576
Exploits 1 · References 1
OSV
added 2020/04/14 11:15 p.m. · 2 views

UBUNTU-CVE-2020-11760

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp...

CVSS 5.5 · AI score 6.8 · EPSS 0.00576
Exploits 1 · References 5
RedHat Linux
added 2020/02/24 12:59 p.m. · 2 views

python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c

An out-of-bounds write flaw was discovered in python-pillow in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system...

CVSS 9.8 · AI score 7.2 · EPSS 0.01146
Exploits 0 · References 4
OSV
added 2020/01/03 1:15 a.m. · 0 views

PYSEC-2020-82

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow...

CVSS 9.8 · AI score 7 · EPSS 0.01146
Exploits 0 · References 9
PyPA
added 2020/01/03 1:15 a.m. · 5 views

PYSEC-2020-82

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow...

CVSS 9.8 · AI score 7.2 · EPSS 0.01146
Exploits 0 · References 9 · Affected Software 1
PyPA
added 2019/11/08 7:15 p.m. · 4 views

PYSEC-2019-196

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...

CVSS 7.5 · AI score 7.6 · EPSS 0.05281
Exploits 0 · References 4 · Affected Software 1
Debian CVE
added 2019/11/08 6:04 p.m. · 4 views

CVE-2019-12410

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...

CVSS 7.5 · AI score 7.3 · EPSS 0.05281
Exploits 0
Zero Day Initiative
added 2019/08/19 12:00 a.m. · 21 views

Adobe Acrobat Pro DC AcroForm Bitmap File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

CVSS 7.8 · AI score 5.6 · EPSS 0.46202
Exploits 0 · References 1
CNVD
added 2019/04/09 12:00 a.m. · 2 views

GraphicsMagick buffer overread vulnerability (CNVD-2019-12506)

GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A heap buffer over-read vulnerability exists in the ReadMIFFImage function in coders/miff.c in GraphicsMagick 1.4 snapshot-20190322 Q8, which can be exploite...

CVSS 9.1 · AI score 6.8 · EPSS 0.01406
Exploits 1 · References 1
OSV
added 2019/04/08 7:29 p.m. · 0 views

DEBIAN-CVE-2019-11006

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet...

CVSS 9.1 · AI score 8.8 · EPSS 0.01406
Exploits 1 · References 1
OSV
added 2019/04/08 7:29 p.m. · 0 views

UBUNTU-CVE-2019-11006

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet...

CVSS 9.1 · AI score 6.9 · EPSS 0.01406
Exploits 1 · References 6
Positive Technologies
added 2019/01/20 12:00 a.m. · 1 view

PT-2019-11520 · Dcmtk +3

Name of the Vulnerable Software and Affected Versions: DCMTK versions 3.6.3 and below. Description: The issue affects the DcmRLEDecoder component, specifically the decompress function in the dcrledec.h file. It can lead to a buffer overflow, resulting in possible code execution and confirmed Denia...

CVSS 9.8 · AI score 7.4 · EPSS 0.05677
Exploits 5 · References 44
CNVD
added 2018/08/08 12:00 a.m. · 2 views

XnView Denial of Service Vulnerability (CNVD-2019-10272)

XnView is a multi-platform software that supports image viewing, conversion and editing. A denial of service vulnerability exists in XnView 2.45, which can be exploited by remote attackers to cause a denial of service via a specially crafted RLE file...

CVSS 7.8 · AI score 7.4 · EPSS 0.00234
Exploits 1 · References 1
Talos Blog
added 2018/07/11 11:00 a.m. · 19 views

Vulnerability Spotlight: Computerinsel Photoline Multiple Vulnerabilities

Vulnerabilities discovered by Tyler Bohan from Talos. Overview: Today, Cisco Talos is disclosing several vulnerabilities in Computerinsel Photoline. Photoline is an image-processing tool used to modify and edit images, as well as other graphic-related material. This product has a sizable user base...

AI score 1.8 · EPSS 0.00827
Exploits 3
Talos
added 2018/04/11 12:00 a.m. · 43 views

Computerinsel Photoline PCX Run Length Code Execution Vulnerability

Summary: A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...

CVSS 8.8 · AI score 8.1 · EPSS 0.00611
Exploits 1
CNVD
added 2017/07/17 12:00 a.m. · 1 view

ImageMagick 'coders/rle.c' Denial of Service Vulnerability

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A security vulnerability exists in ImageMagick versions prior to 7.0.5-10, which stems from the failure of the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00979
Exploits 0 · References 1