
177 matches found

0day.today
added 2016/06/15 12:0 a.m., 39 views

Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (2)

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=747 The attached PoC crashes 32-bit Windows 7 with special pool enabled on win32k.sys. It might take several runs in order to reproduce. Tested the PoC on a single core VM. Proof o...

7.2 CVSS, 7.8 AI score, 0.01522 EPSS
Exploits: 1
Exploit DB
added 2016/04/01 12:0 a.m., 32 views

Microsoft Windows Kernel - Bitmap Use-After-Free

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=686 The attached Proof-of-Concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggering in multiple different ways two examples attached. Proof of Concept:...

7.4 AI score
Exploits: 0
exploitpack
added 2016/04/01 12:0 a.m., 21 views

Microsoft Windows Kernel - Bitmap Use-After-Free

Microsoft Windows Kernel - Bitmap Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=686 The attached Proof-of-Concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggering in multiple different ways two examples attached. Proof of...

0.3 AI score
Exploits: 0
exploitpack
added 2015/12/17 12:0 a.m., 11 views

win32k Clipboard Bitmap - Use-After-Free

win32k Clipboard Bitmap - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=533 This PoC triggers a crash on Windows 7 32-bit with Special Pool enabled on win32k.sys. The kernel crashes due to a use-after-free condition with bitmaps in the clipboard. ---...

Exploits: 0
0day.today
added 2015/12/17 12:0 a.m., 54 views

win32k Clipboard Bitmap - Use-After-Free

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=533 This PoC triggers a crash on Windows 7 32-bit with Special Pool enabled on win32k.sys. The kernel crashes due to a use-after-free condition with bitmaps in the...

7.2 CVSS, 6.5 AI score, 0.01043 EPSS
Exploits: 1
Mozilla
added 2015/08/11 12:0 a.m., 45 views

Heap overflow in gdk-pixbuf when scaling bitmap images — Mozilla

Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf affecting Linux systems using Gnome. This issue is triggered by the scaling of a malformed bitmap format image and results in a potentially exploitable crash...

6.8 CVSS, 7.5 AI score, 0.03692 EPSS
Exploits: 0, References: 2, Affected Software: 4
Mozilla
added 2015/01/13 12:0 a.m., 40 views

Uninitialized memory use during bitmap rendering — Mozilla

Google security researcher Michal Zalewski reported that when a malformed bitmap image is rendered by the bitmap decoder within a element, memory may not always be properly initialized. The resulting image then uses this uninitialized memory during rendering, allowing data to potentially leak to...

5 CVSS, 8.9 AI score, 0.00489 EPSS
Exploits: 0, References: 2, Affected Software: 2
NVD
added 2014/09/15 2:55 p.m., 15 views

CVE-2014-0993

Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library VCL in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file...

6.8 CVSS, 7.6 AI score, 0.029 EPSS
Exploits: 0, References: 3
Cvelist
added 2014/09/15 2:0 p.m., 23 views

CVE-2014-0993

Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library VCL in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file...

7.5 AI score, 0.029 EPSS
Exploits: 0, References: 3
CVE
added 2014/07/01 5:0 p.m., 57 views

CVE-2013-7388

The CVE-2013-7388 entry describes a heap-based buffer overflow in the paintlib component used by Trimble SketchUp prior to version 13.0.3689, exploitable via a crafted RLE4 BMP. This affects SketchUp’s use of paintlib; the issue is described as a heap overflow enabling remote code execution. The ...

9.3 CVSS, 8 AI score, 0.07977 EPSS
Exploits: 1, References: 5, Affected Software: 2
Tenable Nessus
added 2014/03/31 12:0 a.m., 45 views

Debian DSA-2891-1 : mediawiki, mediawiki-extensions Multiple Vulnerabilities

The remote Debian host is missing a security update. It is, therefore, affected by multiple vulnerabilities in MediaWiki : - A cross-site scripting XSS vulnerability exists due to a failure to validate input before returning it to the user. An unauthenticated, remote attacker can exploit this, vi...

7.5 CVSS, 8.7 AI score, 0.48041 EPSS
Exploits: 13, References: 29
exploitpack
added 2014/02/16 12:0 a.m., 37 views

ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)

ImageMagick 6.8.8-4 - Local Buffer Overflow SEH !/usr/bin/perl Exploit Title: ImageMagick 6.8.8-5 - Local Buffer Overflow SEH Date: 2-13-2014 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software: ImageMagick all versions prior to 6.8.8-5 Software Link:...

6.8 CVSS, 0.07056 EPSS
Exploits: 5
Prion
added 2013/12/07 9:55 p.m., 20 views

Code injection

The decodeframeilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data...

9.3 CVSS, 6.8 AI score, 0.00714 EPSS
Exploits: 0, References: 3, Affected Software: 1
Mageia
added 2013/10/05 5:55 p.m., 36 views

Updated libvirt package fixes security vulnerabilities

It was discovered that libvirt incorrectly handled certain memory stats requests. A remote attacker could use this issue to cause libvirt to crash, resulting in a denial of service CVE-2013-4296. It was discovered that libvirt incorrectly handled certain bitmap operations. A remote attacker could...

5 CVSS, 2.3 AI score, 0.03294 EPSS
Exploits: 1, References: 1
Fedora
added 2013/07/09 1:40 a.m., 31 views

[SECURITY] Fedora 18 Update: autotrace-0.31.1-34.fc18

AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...

6.8 CVSS, 1.5 AI score, 0.00347 EPSS
Exploits: 0
0day.today
added 2013/02/17 12:0 a.m., 21 views

VLC 2.0.5 (.bmp) Heap Overflow PoC

Exploit for windows platform in category dos / poc...

7 AI score
Exploits: 0
Tenable Nessus
added 2013/02/09 12:0 a.m., 28 views

Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:006)

Multiple vulnerabilities have been found and corrected in freetype2 : A NULL pointer de-reference flaw was found in the way Freetype font rendering engine handled Glyph bitmap distribution format BDF fonts. A remote attacker could provide a specially crafted BDF font file, which once processed in ...

4.3 CVSS, 8.2 AI score, 0.02815 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2012/08/29 12:0 a.m., 37 views

Firefox < 10.0.7 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 10.0.7 and thus, is potentially affected by the following security issues : - Unspecified memory safety issues exist. CVE-2012-1970 - Multiple use-after-free errors exist. CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976,...

10 CVSS, 7.5 AI score, 0.05074 EPSS
Exploits: 1, References: 33
RedHat Linux
added 2011/05/31 1:59 p.m., 1 views

Gimp: Integer overflow in the BMP image file plugin

Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow...

9.3 CVSS, 6.6 AI score, 0.0308 EPSS
Exploits: 1, References: 4
exploitpack
added 2010/09/18 12:0 a.m., 12 views

Microsoft Mspaint - .bmp Crash (PoC)

Microsoft Mspaint - .bmp Crash PoC Exploit Title: Bmp crash , microsft paint Date: 187/09/2010 Author: andrew hayn Software Link: Version: winxp/sp3 Tested on: winxp/sp2/sp3 BMP File: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/15034.zip...

7.4 AI score
Exploits: 0