48 matches found
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read in the WaveletDenoise process when handling images with small dimensions. An attacker can access sensitive information from adjacent memory by submitting specially crafted image files. Remediation A fix was pushed into...
PT-2026-22046
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description ImageMagick is software used for editing and manipulating digital images. A heap buffer over-read issue arises when processing an image with small...
EUVD-2021-2217
Malware in sbrugna...
Golang TIFF decoder does not place a limit on the size of compressed tile data
The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height, and encoded size to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU...
UBUNTU-CVE-2023-29408
The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height, and encoded size to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU...
SUSE CVE-2019-19624
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsestscale is assumed to be greater than or equal to finestscale within the calc/oclcalc functions in disflow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of t...
DEBIAN-CVE-2019-19624
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsestscale is assumed to be greater than or equal to finestscale within the calc/oclcalc functions in disflow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of t...
OpenX banner-edit.php File Upload PHP Code Execution
This module exploits a vulnerability in the OpenX advertising software. In versions prior to version 2.8.2, authenticated users can upload files with arbitrary extensions to be used as banner creative content. By uploading a file with a PHP extension, an attacker can execute arbitrary PHP code...