CVE-2022-32236

When a user opens manipulated Windows Bitmap .bmp, 2d.x3d files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVE-2022-32236

SAP 3D Visual Enterprise Viewer is affected by CVE-2022-32236 via parsing manipulated Windows Bitmap BMP and related 2d.x3d inputs from untrusted sources. The issue, documented by ZDI as a BMP parsing out-of-bounds write enabling remote code execution, can crash the application or allow code exec...

CVE-2022-31796

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use...

UBUNTU-CVE-2022-31796

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use...

libjpeg 缓冲区错误漏洞

libjpeg is a C language library for processing JPEG format image data. It includes JPEG decoding, JPEG encoding and other JPEG functions. A security vulnerability exists in libjpeg version 1.63, which stems from a heap-based buffer overread in HierarchicalBitmapRequester::FetchRegion in...

CVE-2019-15143

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error resource exhaustion caused by a GBitmap::readrleraw infinite loop by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp...

new packages: bitmap-fonts

An update is available for bitmap-fonts. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

UBUNTU-CVE-2022-25169

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files...

OESA-2022-1645 SDL2 security update

Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Security Fixes: SDL Simple DirectMedia Layer through 2.0.12 has an Integer Overflow and resultant SDLmemcpy heap corruption in SDLBlitCopy in...

ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability...

Microsoft Windows Kernel Bitmap Surface Untrusted Pointer Dereference Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

PT-2022-19049 · Ffjpeg · Ffjpeg

Name of the Vulnerable Software and Affected Versions: ffjpeg affected versions not specified Description: The issue is related to an integer overflow vulnerability in the bmp load function in bmp.c, which can lead to a heap overflow in jfif encode in jfif.c. This vulnerability is a result of an...

CVE-2022-27529

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code...

Autodesk AutoCAD 缓冲区错误漏洞

Autodesk AutoCAD is a suite of professional 3D drawing software from the American company Autodesk. A security vulnerability exists in Autodesk AutoCAD 2022, 2021, 2020, 2019, which originates from a maliciously crafted PICT, BMP, PSD, or TIF file that can be used to write to a buffer beyond the...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in video/SDLpixels.c in SDL Simple DirectMedia Layer. Using a crafted malicious .BMP file, an attacker can cause the application using this library to crash and potentially execute arbitrary code. Remediation...

DEBIAN-CVE-2021-33657

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution...

UBUNTU-CVE-2021-33657

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution...

OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

PT-2022-7230 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.10 Description: The issue is related to the input set capability function in the Linux kernel, which can lead to an uncontrolled consumption of resources. An attacker can exploit this to cause a denial of...

Lead Technologies LEADTOOLS 输入验证错误漏洞

Lead Technologies LEADTOOLS is an image processing development kit from LEAD Technologies USA. Lead Technologies LEADTOOLS 22 suffers from an Input Validation Error vulnerability that stems from a specially crafted BMP file that could lead to an integer overflow, which in turn could lead to a...