
767 matches found

Microsoft CVE
added 2020/11/10 8:0 a.m., 36 views

WebP Image Extensions Information Disclosure Vulnerability

...

CVSS 5.5, AI score 6.7, EPSS 0.01154
Exploits: 0

Positive Technologies
added 2020/11/10 12:0 a.m., 4 views

PT-2020-4678

Name of the Vulnerable Software and Affected Versions: WebP Image Extensions (affected versions not specified). Description: The issue is related to a lack of protection for sensitive data in the WebP Image Extension, which can allow a remote attacker to gain unauthorized access to protected...

CVSS 7.8, AI score 6.2, EPSS 0.01154
Exploits: 0, References: 7

Kaspersky
added 2020/11/10 12:0 a.m., 107 views

KLA12004 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service, spoof user interface. Below is a complete list of...

CVSS 10, AI score 9.9, EPSS 0.25285
Exploits: 4, References: 89

BDU FSTEC
added 2020/10/07 12:0 a.m., 2 views

The vulnerability of the WEBP::GetLE32 function in the “exempi” utility allows a hacker to cause a service failure.

The vulnerability of the WEBP::GetLE32 function located at XMPFiles/source/FormatSupport/WEBPSupport.hpp in the “exempi” utility is related to pointer swapping errors. Exploiting this vulnerability could allow a remote attacker to cause service failure...

CVSS 7.5, AI score 6.5, EPSS 0.02271
Exploits: 1, References: 7, Affected Software: 4

Tenable Nessus
added 2020/09/15 12:0 a.m., 1123 views

Microsoft Windows WebP Image Extension RCE (August 2020)

The Windows 'WebP Image Extension' or 'WebP from Device Manufacturer' app installed on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this vulnerability via a specially crafted image to execute code and gain control of the...

CVSS 7.3, AI score 7.6, EPSS 0.02592
Exploits: 0, References: 2

Jake Archibald's Blog
added 2020/09/08 1:0 a.m., 35 views

AVIF has landed

Back in ancient July I released a video that dug into how lossy and lossless image compression works and how to apply that knowledge to compress a set of different images for the web. Well, that's already out of date because AVIF has arrived. Brilliant. AVIF is a new image format derived from the...

AI score 6.2
Exploits: 0

Zero Day Initiative
added 2020/08/13 12:0 a.m., 66 views

Microsoft Windows WEBP VP8X Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...

CVSS 8.8, AI score 3.9, EPSS 0.02592
Exploits: 0, References: 1

OSV
added 2020/05/05 12:20 p.m., 6 views

MGASA-2020-0196 Updated exiv2 packages fix security vulnerability

The updated packages fix a security vulnerability: A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. CVE-2019-13111...

CVSS 5.5, AI score 5.6, EPSS 0.00802
Exploits: 1, References: 3

RedHat Linux
added 2020/04/28 3:31 p.m., 2 views

exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service

A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file...

CVSS 5.5, AI score 5.8, EPSS 0.00802
Exploits: 1, References: 4

Tenable Nessus
added 2020/04/10 12:0 a.m., 45 views

openSUSE Security Update : exiv2 (openSUSE-2020-482)

This update for exiv2 fixes the following issues : exiv2 was updated to latest 0.26 branch, fixing bugs and security issues : - CVE-2017-1000126: Fixed an out of bounds read in webp parser bsc1068873. - CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function bsc1040973....

CVSS 8.8, AI score 6.7, EPSS 0.02891
Exploits: 8, References: 22

OPENSUSE Linux
added 2020/04/08 12:0 a.m., 57 views

Security update for exiv2 (moderate)

openSUSE Security Update: Security update for exiv2 Announcement ID: openSUSE-SU-2020:0482-1 Rating: moderate References: 1040973 1068873 1088424 1097599 1097600 1109175 1109176 1109299 1115364 1117513 1142684 Cross-References: CVE-2017-1000126 CVE-2017-9239 CVE-2018-12264 CVE-2018-12265...

CVSS 8.8, AI score 6.9, EPSS 0.02891
Exploits: 8, References: 11

BDU FSTEC
added 2019/11/25 12:0 a.m., 2 views

A vulnerability in the WriteWEBPImage function (coders/webp.c) of GraphicsMagick, a cross-platform library for working with graphics, allows an attacker to execute arbitrary code.

The vulnerability in the WriteWEBPImage function (coders/webp.c) of GraphicsMagick, a cross-platform library for working with graphics, is related to a buffer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...

CVSS 10, AI score 8.3, EPSS 0.01606
Exploits: 0, References: 6, Affected Software: 2

Tenable Nessus
added 2019/11/12 12:0 a.m., 34 views

EulerOS 2.0 SP5 : exiv2 (EulerOS-SA-2019-2144)

According to the versions of the exiv2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. (CVE-2018-14046) - There is a heap-based buffer over-read i...

CVSS 9.8, AI score 6.6, EPSS 0.0296
Exploits: 13, References: 17

RedhatCVE
added 2019/10/02 5:51 p.m., 19 views

CVE-2019-14982

An out-of-bounds read could happen when exiv2, or an application linked against the exiv2 library, is used to parse untrusted images in the WebP format. This flaw is caused by an integer wraparound in function WebPImage::getHeaderOffset, which could allow an attacker to crash the application...

CVSS 6.5, AI score 3.5, EPSS 0.02001
Exploits: 1, References: 3

OSV
added 2019/09/27 9:15 p.m., 1 views

CVE-2019-11927

An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100...

CVSS 7.8, AI score 7.2, EPSS 0.00932
Exploits: 0, References: 1

NVD
added 2019/09/27 9:15 p.m., 12 views

CVE-2019-11927

An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100...

CVSS 7.8, AI score 7.5, EPSS 0.00932
Exploits: 0, References: 1

Prion
added 2019/09/27 9:15 p.m., 10 views

Integer overflow

An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100...

CVSS 6.8, AI score 7.5, EPSS 0.00932
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/09/27 8:14 p.m., 17 views

CVE-2019-11927

An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100...

AI score 7.6, EPSS 0.00932
Exploits: 0, References: 1

CVE
added 2019/09/27 8:14 p.m., 223 views

CVE-2019-11927

CVE-2019-11927 is an integer overflow in WhatsApp media parsing libraries that enables a remote attacker to trigger an out-of-bounds write on the heap via specially crafted EXIF tags in WEBP images. Affected: WhatsApp for Android prior to 2.19.143 and WhatsApp for iOS prior to 2.19.100. Impact de...

CVSS 7.8, AI score 7.5, EPSS 0.00932
Exploits: 0, References: 1, Affected Software: 1

OpenVAS
added 2019/09/11 12:0 a.m., 18 views

WordPress WebP Express Plugin < 0.14.11 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113503";...

CVSS 7.5, AI score 7.6, EPSS 0.01779
Exploits: 0, References: 1