[SECURITY] Fedora 25 Update: autotrace-0.31.1-49.fc25

AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...

[SECURITY] Fedora 26 Update: inkscape-0.92.1-4.20170510bzr15686.fc26.1

Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics SVG file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many...

IrfanView buffer overflow vulnerability (CNVD-2017-30395)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A buffer overflow vulnerability exists in IrfanView version 4.44 32-bit. This vulnerability can be exploited b...

XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-34093)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...

IrfanView Buffer Overflow Vulnerability (CNVD-2017-34094)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A buffer overflow vulnerability exists in IrfanView version 4.44 32-bit. This vulnerability can be exploited b...

[SECURITY] Fedora 26 Update: libwmf-0.2.8.4-53.fc26

A library for reading and converting Windows MetaFile vector graphics WMF...

batik: XML external entity processing vulnerability

An XXE vulnerability was found in Apache Batik which could allow a remote attacker to retrieve the files on the vulnerable server's filesystem by uploading specially crafted SVG images. The vulnerability could also allow a denial of service condition by performing an amplification attack...

UBUNTU-CVE-2017-7786

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

DEBIAN-CVE-2017-11464

A SIGFPE is raised in the function boxblurline of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero...

UBUNTU-CVE-2017-11464

A SIGFPE is raised in the function boxblurline of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero...

DEBIAN-CVE-2017-10928

In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue...

UBUNTU-CVE-2017-10928

In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue...

[SECURITY] Fedora 25 Update: batik-1.8-9.fc25

Batik is a Javatm technology based toolkit for applications that want to use images in the Scalable Vector Graphics SVG format for various purposes, such as viewing, generation or manipulation...

[SECURITY] Fedora 24 Update: batik-1.8-9.fc24

Batik is a Javatm technology based toolkit for applications that want to use images in the Scalable Vector Graphics SVG format for various purposes, such as viewing, generation or manipulation...

CVE-2017-8778

GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document...

Mozilla: Out-of-bounds read in ConvolvePixel (MFSA 2017-11, MFSA 2017-12)

An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and...

UBUNTU-CVE-2017-5465

An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and...

UBUNTU-CVE-2017-5662

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a ful...

PT-2017-16654 · Apache +2 · Apache Batik +2

Name of the Vulnerable Software and Affected Versions: Apache Batik versions prior to 1.9 Description: The issue allows arbitrary users to reveal files on the server's filesystem by sending maliciously formed SVG files. The types of files that can be accessed depend on the user context in which t...

DEBIAN-CVE-2016-4068

Cross-site scripting XSS vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864...