
177 matches found

Fedora
added 2020/01/31 2:2 a.m., 20 views

[SECURITY] Fedora 31 Update: python-reportlab-3.5.34-2.fc31

This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...

CVSS 9.8 | AI score 2 | EPSS 0.16839
Exploits: 1

OpenVAS
added 2020/01/23 12:0 a.m., 37 views

Huawei EulerOS: Security Advisory for libXfont (EulerOS-SA-2019-2357)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.3 | AI score 7.1 | EPSS 0.07018
Exploits: 0 | References: 2

OSV
added 2019/12/11 6:16 p.m., 1 views

DEBIAN-CVE-2019-19581

An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves...

CVSS 6.5 | AI score 6.6 | EPSS 0.00104
Exploits: 0 | References: 1

RedHat Linux
added 2019/11/05 9:3 p.m., 3 views

edk2: Stack buffer overflow with corrupted BMP

A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 16 (2^4) or 256 (2^8) colors...

CVSS 6 | AI score 7.7 | EPSS 0.00139
Exploits: 0 | References: 4

RedHat Linux
added 2019/08/06 1:32 p.m., 51 views

Low: Red Hat Security Advisory: ghostscript security, bug fix, and enhancement update

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 5.3 | AI score 6.7 | EPSS 0.00538
Exploits: 0 | References: 8

OSV
added 2019/07/27 7:15 p.m., 0 views

UBUNTU-CVE-2019-14289

An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case...

CVSS 5.5 | AI score 7.2 | EPSS 0.00165
Exploits: 1 | References: 4

Tenable Nessus
added 2019/04/05 12:0 a.m., 31 views

openSUSE Security Update : ovmf (openSUSE-2019-1139)

This update for ovmf fixes the following issue: Security issue fixed: - CVE-2018-12181: Fixed a stack-based buffer overflow in the HII database when a corrupted Bitmap was used (bsc#1128503). This update was imported from the SUSE:SLE-12-SP3:Update update project.

CVSS 6 | AI score 7.2 | EPSS 0.00139
Exploits: 0 | References: 2

Tenable Nessus
added 2019/04/03 12:0 a.m., 22 views

Virtuozzo 7 : ghostscript / ghostscript-cups / ghostscript-devel / etc (VZLSA-2019-0633)

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 7.3 | AI score 6.7 | EPSS 0.01643
Exploits: 0 | References: 4

Tenable Nessus
added 2019/03/26 12:0 a.m., 40 views

CentOS 7 : ghostscript (CESA-2019:0633)

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 7.3 | AI score 6.8 | EPSS 0.01643
Exploits: 0 | References: 3

RedHat Linux
added 2018/12/17 8:2 p.m., 139 views

Important: Red Hat Security Advisory: ghostscript security and bug fix update

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 9.8 | AI score 6.8 | EPSS 0.10504
Exploits: 7 | References: 11

OSV
added 2018/12/17 7:29 p.m., 0 views

UBUNTU-CVE-2018-20185

In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits...

CVSS 5.3 | AI score 6.9 | EPSS 0.00846
Exploits: 1 | References: 5

Cent OS
added 2018/12/13 8:45 p.m., 132 views

ghostscript security update

CentOS Errata and Security Advisory CESA-2018:3650. An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 7.8 | AI score 6.7 | EPSS 0.02086
Exploits: 0 | References: 7

Zero Day Initiative
added 2018/10/17 12:0 a.m., 18 views

OMRON CX-Supervisor PAG Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.3 | AI score 1.9 | EPSS 0.00139
Exploits: 0 | References: 1

CVE
added 2018/09/16 2:0 a.m., 30 views

CVE-2018-17073

CVE-2018-17073 concerns wernsey/bitmap prior to 2018-08-18, where processing a 4-bit image can trigger a NULL pointer dereference (denial of service). The CNVD/NVD entries confirm a NULL pointer backreference vulnerability in the library used for in-memory and disk bitmap manipulation. Impact is ...

CVSS 7.5 | AI score 7.4 | EPSS 0.00336
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2018/06/20 6:29 p.m., 1 views

DEBIAN-CVE-2018-12599

In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file...

CVSS 8.8 | AI score 8.9 | EPSS 0.00355
Exploits: 1 | References: 1

OSV
added 2018/04/24 7:29 p.m., 0 views

UBUNTU-CVE-2017-2905

An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application...

CVSS 8.8 | AI score 7.8 | EPSS 0.01064
Exploits: 1 | References: 4

Exploit DB
added 2018/03/15 12:0 a.m., 151 views

Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS17-017)

CVSS 7.8 | AI score 7.8 | EPSS 0.72264
Exploits: 3

Exploit DB
added 2018/03/01 12:0 a.m., 51 views

Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS16-039)

CVSS 7.8 | AI score 7 | EPSS 0.06035
Exploits: 4

OSV
added 2018/02/04 10:29 p.m., 1 views

DEBIAN-CVE-2018-6616

In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file...

CVSS 5.5 | AI score 6.6 | EPSS 0.00286
Exploits: 1 | References: 1

ossfuzz
added 2017/11/06 10:12 a.m., 14 views

libreoffice/pngfuzzer: Container-overflow in BitmapColor::GetBlue

Project: git://anongit.freedesktop.org/libreoffice/core
Detailed report: https://oss-fuzz.com/testcase?key=5533260961546240
Project: libreoffice
Fuzzer: libFuzzer_libreoffice_pngfuzzer
Fuzz target binary: pngfuzzer
Job Type: libfuzzer_asan_libreoffice
Platform Id: linux
Crash Type: Container-overflow...

AI score 6.7
Exploits: 0 | Affected Software: 1