PT-2023-34918 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.303 Description: The issue is related to an overflow before widen in the bitmap ip create function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

GSD-2023-1001331 drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()

drivers/md/md-bitmap: check the return value of mdbitmapgetcounter This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

GSD-2023-1001258 md/bitmap: Fix bitmap chunk size overflow issues

md/bitmap: Fix bitmap chunk size overflow issues This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

GSD-2023-1000893 md/bitmap: Fix bitmap chunk size overflow issues

md/bitmap: Fix bitmap chunk size overflow issues This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...

GSD-2023-1000431 md/bitmap: Fix bitmap chunk size overflow issues

md/bitmap: Fix bitmap chunk size overflow issues This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...

PT-2023-33508 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18 Description: The issue is related to bitmap chunk size overflow. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.18, update to...

PT-2023-2177 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a logic error in the code of BitmapExport.java, which may cause a failure to truncate images. This can potentially allow an attacker to recover cropped or edited...

DEBIAN-CVE-2022-43594

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these...

UBUNTU-CVE-2022-38143

A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this...

UBUNTU-CVE-2022-43594

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these...

OpenImageIO 缓冲区错误漏洞

OpenImageIO is an image read and write library that also provides several tools and applications. OpenImageIO v2.3.19.0 is vulnerable to a heap out-of-bounds write vulnerability when processing RLE-encoded BMP images. An attacker could exploit this vulnerability to write arbitrary out-of-bounds...

CLSA-2022-1669242003 Fix CVE(s): CVE-2022-45063

SECURITY UPDATE: possible RCE when using OSC 50 sequence - debian/patches/CVE-2022-45063.patch: Improve error recovery when setting a bitmap font for the VT100 window, e.g., in case OSC 50 failed, restoring the most recent valid font so that a subsequent OSC 50 reports this correctly. -...

CLSA-2022-1669239895 xterm: Fix of CVE-2022-45063

CVE-2022-45063: improve error recovery when setting a bitmap font for the VT100 window - Add NULL pointer checks in xstrcasecmp and xstrncasecmp to help with error recovery for a missing font...

CLSA-2022-1669238963 xterm: Fix of CVE-2022-45063

CVE-2022-45063: improve error recovery when setting a bitmap font for the VT100 window - Add NULL pointer checks in xstrcasecmp and xstrncasecmp to help with error recovery for a missing font...

CLSA-2022-1669237302 xterm: Fix of CVE-2022-45063

CVE-2022-45063: improve error recovery when setting a bitmap font for the VT100 window - Add NULL pointer checks in xstrcasecmp and xstrncasecmp to help with error recovery for a missing font...

CLSA-2022-1669236294 xterm: Fix of CVE-2022-45063

CVE-2022-45063: improve error recovery when setting a bitmap font for the VT100 window - Add NULL pointer checks in xstrcasecmp and xstrncasecmp to help with error recovery for a missing font...

xterm: Fix of CVE-2022-45063

CVE-2022-45063: improve error recovery when setting a bitmap font for the VT100 window - Add NULL pointer checks in xstrcasecmp and xstrncasecmp to help with error recovery for a missing font...

kernel: dm mirror log: round up region bitmap size to BITS_PER_LONG

In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITSPERLONG The code in dm-log rounds up bitsetsize to 32 bits. It then uses findnextzerobitle on the allocated region. findnextzerobitle accesses the bitmap using unsigned long...

The vulnerability of the vector graphics editor CorelDRAW Graphics Suite (formerly CorelDRAW) lies in the ability to read data beyond the buffer boundaries in memory, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the CorelDRAW Graphics Suite formerly CorelDRAW graphic editor relates to reading data beyond the buffer boundaries in memory during the syntactic parsing of BMP files. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information by...

PT-2022-6379 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel version 6.0.8 Description: The issue is related to a use-after-free vulnerability in the ntfs trim fs function of the fs/ntfs3/bitmap.c component in the Linux kernel. This vulnerability may allow an attacker to impact the...