2533 matches found

OSV
added 2021/11/09 9:40 a.m., 25 views

ALSA-2021:4519 Moderate: autotrace security update

AutoTrace is a program for converting bitmaps to vector graphics. Security Fixes: autotrace: bitmap double free in main.c allows attackers to cause an unspecified impact (CVE-2019-19005); autotrace: integer overflow in input-bmp.c (CVE-2019-19004). For more details about the security issues, including...

CVSS 7.8, AI score 6.1, EPSS 0.01019
Exploits: 0, References: 3

OSV
added 2021/11/03 5:15 p.m., 1 view

DEBIAN-CVE-2021-40985

A stack-based buffer under-read in htmldoc before 1.9.12 allows attackers to cause a denial of service via a crafted BMP image to imageloadbmp...

CVSS 5.5, AI score 5.7, EPSS 0.00871
Exploits: 1, References: 1

CNNVD
added 2021/11/03 12:0 a.m., 4 views

HTMLDOC Buffer Error Vulnerability

HTMLDOC is an HTML file format conversion editor that reads HTML and Markdown source files or web pages and generates the corresponding EPUB, HTML, PostScript or PDF files with optional table of contents. A buffer overflow vulnerability exists in imageloadbmp in HTMLDOC versions prior to 1.9.12. ...

CVSS 5.5, AI score 6, EPSS 0.00871
Exploits: 1, References: 6

Fedora
added 2021/10/29 11:27 p.m., 25 views

[SECURITY] Fedora 35 Update: python-reportlab-3.6.2-1.fc35

This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...

CVSS 6.5, AI score 2, EPSS 0.01487
Exploits: 1

OSV
added 2021/10/28 10:15 p.m., 1 view

CVE-2020-23546

IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981...

CVSS 7.8, AI score 5.8, EPSS 0.01016
Exploits: 0, References: 3

CNNVD
added 2021/10/28 12:0 a.m., 2 views

IrfanView Security Vulnerability

IrfanView is a very fast, small, compact and innovative free graphics viewer for Windows 9x, ME, NT, 2000, XP, 2003, 2008, Vista, Windows 7, Windows 8, Windows 10. A denial of service vulnerability exists in IrfanView version 4.54. The vulnerability stems from data from the wrong address being us...

CVSS 7.8, AI score 5.7, EPSS 0.01016
Exploits: 0, References: 4

RedHat Linux
added 2021/10/25 12:24 p.m., 4 views

OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3, AI score 6.9, EPSS 0.06322
Exploits: 0, References: 4

GithubExploit
added 2021/10/03 1:13 a.m., 159 views

Exploit for Path Traversal in Microsoft

CVE-2021-40444 Usage Ensure to run setup.sh first as yo...

CVSS 8.8, AI score 7.6, EPSS 0.96843
Exploits: 38

RedHat Linux
added 2021/09/30 7:6 p.m., 5 views

ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability...

CVSS 5.5, AI score 6.8, EPSS 0.00371
Exploits: 0, References: 5

RedHat Linux
added 2021/09/30 4:59 p.m., 4 views

ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability...

CVSS 5.5, AI score 6.8, EPSS 0.00371
Exploits: 0, References: 5

OSV
added 2021/09/20 4:15 p.m., 2 views

DEBIAN-CVE-2021-39520

An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service...

CVSS 6.5, AI score 6.3, EPSS 0.00838
Exploits: 1, References: 1

OSV
added 2021/09/20 4:15 p.m., 1 view

UBUNTU-CVE-2021-39517

An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service...

CVSS 6.5, AI score 6.6, EPSS 0.00832
Exploits: 1, References: 2

OSV
added 2021/09/20 4:15 p.m., 2 views

UBUNTU-CVE-2021-39520

An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service...

CVSS 6.5, AI score 5.8, EPSS 0.00838
Exploits: 1, References: 2

CNNVD
added 2021/09/20 12:0 a.m., 2 views

libjpeg Code Issue Vulnerability

libjpeg is a free library written entirely in C to handle the JPEG image data format. In libjpeg 2020021 and earlier versions, the BlockBitmapRequester::ReconstructUnsampled function in blockbitmaprequester.cpp is vulnerable to a null pointer dereference. An attacker could exploit this...

CVSS 6.5, AI score 6.5, EPSS 0.00832
Exploits: 1, References: 2

Positive Technologies
added 2021/09/14 12:0 a.m., 1 view

PT-2021-4842 · Adobe · Indesign

Name of the Vulnerable Software and Affected Versions: Adobe InDesign versions 16.3 and earlier, and 16.3.1 and earlier Description: The issue is related to an out-of-bounds write vulnerability in Adobe InDesign, which could result in arbitrary code execution in the context of the current user...

CVSS 9.3, AI score 7.7, EPSS 0.00265
Exploits: 0, References: 9

OSV
added 2021/09/07 3:15 p.m., 1 view

DEBIAN-CVE-2021-39257

A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain starting from ntfs_attr_pwrite, causing stack consumption in NTFS-3G 2021.8.22...

CVSS 5.5, AI score 6.5, EPSS 0.00371
Exploits: 0, References: 1

OSV
added 2021/09/07 3:15 p.m., 7 views

AZL-6762 CVE-2021-39257 affecting package ntfs-3g for versions less than 2021.8.22-1

A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain starting from ntfs_attr_pwrite, causing stack consumption in NTFS-3G 2021.8.22...

CVSS 5.5, AI score 6.7, EPSS 0.00371
Exploits: 0, References: 1

OSV
added 2021/09/07 3:15 p.m., 0 views

UBUNTU-CVE-2021-39257

A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain starting from ntfs_attr_pwrite, causing stack consumption in NTFS-3G 2021.8.22...

CVSS 5.5, AI score 6.8, EPSS 0.00371
Exploits: 0, References: 5

CNNVD
added 2021/09/01 12:0 a.m., 2 views

Tuxera NTFS-3G Security Vulnerability

Tuxera NTFS-3G is an open source, cross-platform set of drivers from Tuxera Finland for reading and writing NTFS partitions. A security vulnerability exists in Tuxera NTFS-3G, which stems from the fact that a crafted NTFS image with an unallocated bitmap can lead to an endless chain of...

CVSS 5.5, AI score 5.6, EPSS 0.00371
Exploits: 0, References: 12

Positive Technologies
added 2021/08/17 12:0 a.m., 9 views

PT-2021-5778 · Ntfs-3G +7 · Ntfs-3G +7

Name of the Vulnerable Software and Affected Versions: NTFS-3G versions prior to 2021.8.22 Description: The issue is related to the ntfs_attr_pwrite function in the NTFS-3G file system driver, which is affected by uncontrolled recursion. This can be exploited by an attacker using a specially...

CVSS 7.8, AI score 6.4, EPSS 0.04794
Exploits: 13, References: 344