Mageia: Security Advisory (MGASA-2023-0020)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Malicious Package

Overview texture-allocator is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

SUSE CVE-2012-2826

Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service out-of-bounds read via unspecified vectors...

SUSE CVE-2013-6665

Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resourceprovider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper...

SUSE CVE-2015-0824

The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service out-of-bounds write of zero values, and application crash via vectors that trigger use of DrawTarget and the Cairo library for image drawing...

SUSE CVE-2015-7212

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation...

SUSE CVE-2016-2828

Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool...

SUSE CVE-2017-2927

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution...

SUSE CVE-2017-2933

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution...

SUSE CVE-2017-2934

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution...

SUSE CVE-2017-3078

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format ATF module. Successful exploitation could lead to arbitrary code execution...

SUSE CVE-2017-5580

The parseinstruction function in gallium/auxiliary/tgsi/tgsitext.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service out-of-bounds array access and process crash via a crafted texture instruction...

SUSE CVE-2018-6079

Inappropriate sharing of TEXTURE2DARRAY/TEXTURE3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

SUSE CVE-2018-12294

WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object...

SUSE CVE-2018-17466

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

SUSE CVE-2018-18504

A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox 65...

SUSE CVE-2020-8003

A double-free vulnerability in vrendrenderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrendrendererresourceallocatedtexture is not an appropriate place for a free...

SUSE CVE-2022-4743

A potential memory leak issue was discovered in SDL2 in GLESCreateTexture function in SDLrendergles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected...

SUSE CVE-2022-30293

In WebKitGTK through 2.36.0 and WPE WebKit, there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp...

Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader

Impact A memory overwrite bug was reported by a security researcher in the ConvertToSinglePlane method via the texconv command-line tool when given an invalid height for planar video textures such as NV12. This can be a potential security bug for any clients of the library who follow the same...