2531 matches found
Microsoft Windows 8.1 (x64) RGNOBJ Integer Overflow
include include include include include include include HANDLE hWorker, hManager; BYTE bits; //dt nt!EPROCESS UniqueProcessID ActiveProcessLinks Token typedef struct DWORD UniqueProcessIdOffset; DWORD TokenOffset; VersionSpecificConfig; VersionSpecificConfig gConfig = 0x2e0, 0x348 ; //win 8.1 voi...
MS15-072: Vulnerability in Windows graphics component could allow elevation of privilege: July 14, 2015
Summary: This security update resolves a vulnerability in Windows that could allow elevation of privilege if the Windows graphics component fails to correctly process bitmap conversions. An...
ghostscript security update
CentOS Errata and Security Advisory CESA-2017:0013. An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Moderate: Red Hat Security Advisory: ghostscript security update
An update for ghostscript is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098)
// Source: https://github.com/sensepost/ms16-098/tree/b85b8dfdd20a50fc7bc6c40337b8de99d6c4db80 // Binary: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/41020.exe include include include include include include include HANDLE hWorker, hManager; BYTE bits; //dt...
Input validation
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages...
CVE-2016-5182
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages...
CVE-2016-5182
CVE-2016-5182 is a Google Chrome/Chromium Blink vulnerability described as a heap overflow in the ImageBitmap/bitmap handling path that could be triggered by a crafted HTML page. The issue allows a remote attacker to potentially achieve remote code execution on the affected host. Affected version...
CVE-2016-5182
Removed by vendor...
UBUNTU-CVE-2016-5209
Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap Vulnerability
Exploit for Android platform in category remote exploits. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=928 Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order to conserve memory, there exists ...
Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=928 Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order...
CVE-2016-5209
Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=928 Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order to conserve memory, there exists a code path which allows Bitmaps to be shared between...
CVE-2016-5209
Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Microsoft Windows win32k.sys Bitmap Null Pointer Dereference Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
CVE-2016-8878
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return...
potrace heap buffer overflow vulnerability (CNVD-2016-10137)
potrace is a set of bitmap image processing tools developed by software developer Peter Selinger. The tool offers the ability to add smoothing effects, free scaling of images, and more. A buffer overflow vulnerability exists in potrace bitmapio.c:651:11. An attacker could use this vulnerability t...
potrace heap buffer overflow vulnerability (CNVD-2016-10138)
potrace is a set of bitmap image processing tools developed by software developer Peter Selinger. The tool offers the ability to add smoothing effects, free scaling of images, and more. A buffer overflow vulnerability exists in potrace bitmapio.c:717:4. An attacker could use this vulnerability to...
potrace heap buffer overflow vulnerability (CNVD-2016-10134)
potrace is a set of bitmap image processing tools developed by software developer Peter Selinger. The tool offers the ability to add smoothing effects, free scaling of images, and more. A buffer overflow vulnerability exists in potrace bitmapio.c:744:4. An attacker could use this vulnerability to...