DjVuLibre Buffer Overflow Vulnerability (CNVD-2019-29361)
DjVuLibre is an open source implementation of DjVu computer file format that includes a DjVu file viewer, browser plug-in, DjVu file decoder/encoder and other utilities. A buffer overflow vulnerability exists in DjVuLibre version 3.5.27, which stems from a failure to perform zero-byte checking in...
RHEL 8 : ghostscript (RHSA-2019:2465)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2465 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...
libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries...
Low: Red Hat Security Advisory: ghostscript security, bug fix, and enhancement update
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data...
edk2: Stack buffer overflow with corrupted BMP
A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 16 (2^4) or 256 (2^8) colors...
DEBIAN-CVE-2019-13568
CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image...
UBUNTU-CVE-2019-13568
CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image...
The vulnerability of the opj_t1_encode_cblks function in the OpenJPEG image encoding and decoding library for Oracle Solaris allows an attacker to cause a service failure.
The vulnerability of the opj_t1_encode_cblks function in the OpenJPEG image encoding and decoding library for Oracle Solaris is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure by using a specially created BMP file...
Xpdf Integer Overflow Vulnerability
Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. An integer overflow vulnerability exists in the JBIG2Bitmap::combine function in JBIG2Stream.cc in Xpdf 4.01.01. An attacker can exploit this vulnerability to cause a denial of service...
CVE-2019-14289
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case...
UBUNTU-CVE-2019-14289
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case...
CVE-2019-2281
An unauthenticated bitmap image can be loaded into memory and subsequently cause execution of unverified code in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675...
Code injection
An unauthenticated bitmap image can be loaded into memory and subsequently cause execution of unverified code in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675...
CVE-2019-2281
An unauthenticated bitmap image can be loaded into memory and subsequently cause execution of unverified code in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675...
CVE-2019-2281
CVE-2019-2281 describes an unauthenticated bitmap image loading vulnerability that can lead to execution of unverified code in Qualcomm Snapdragon platforms. The incident is triggered by loading a bitmap into memory, potentially enabling local code execution with high impact (confidentiality, int...
ImageMagick Resource Management Error Vulnerability (CNVD-2019-29431)
ImageMagick is a set of open source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. A memory disclosure vulnerability exists in the 'ReadBMPImage' function in the coders/bmp.c file in ImageMagick Studi...
ALPINE-CVE-2019-13133
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c...
CVE-2019-13133
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c...
USN-4039-1 CImg vulnerabilities
It was discovered that allocation failures could occur in CImg when loading crafted bmp images. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-7587) It was discovered that a heap-based buffer over-read existed in CImg when loading crafted bmp images. An attacker...