102 matches found
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)
Microsoft Windows 8.1 x64 - RGNOBJ Integer Overflow MS16-098 // Source: https://github.com/sensepost/ms16-098/tree/b85b8dfdd20a50fc7bc6c40337b8de99d6c4db80 // Binary: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/41020.exe ...
Microsoft GDI+ - DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=824 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, which may embed bitmaps in records such as EMRPLGBLT...
Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=824 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, which may embed bitmaps in records such as EMRPLGBLT, EMRBITBLT, EMRSTRETCHBLT, EMRSTRETCHDIBITS etc. T...
Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=757 As clearly visible in the EMF (Enhanced Metafile) image format specification ([MS-EMF]), there are multiple...
DEBIAN-CVE-2016-2191
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image...
Nitro Pro Handles BMP Image Memory Corruption Vulnerability
Nitro Pro is PDF production and management software. It has a memory corruption vulnerability in its handling of BMP images. An attacker can exploit this vulnerability by constructing malformed BMP images that cause the program to crash...
ABViewer Handles BMP Image Memory Corruption Vulnerability
ABViewer is a multifunctional design and engineering document management tool. It suffers from a memory corruption vulnerability when handling BMP images; constructing malformed BMP images can cause the program to crash...
win32k Clipboard Bitmap - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=533 This PoC triggers a crash on Windows 7 32-bit with Special Pool enabled on win32k.sys. The kernel crashes due to a use-after-free condition with bitmaps in the clipboard. --- Note that multiple PoC executions and...
Android integer overflow vulnerability (CNVD-2015-06524)
Android is an operating system based on the Linux open kernel, announced on November 5, 2007 by Google Inc. for cell phones. An integer overflow vulnerability exists in Android versions prior to 5.1.1, LMY48I, which allows an attacker to cause a denial of service or obtain information about the...
KLA10478 Denial of service vulnerability in X.Org libXfont
Improper type conversion and bitmap handling were found in X.Org libXfont. By exploiting this vulnerability, malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited remotely via a specially designed BDF font file. Original advisories X.Org advisor...
DEBIAN-CVE-2014-9666
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via ...
[SECURITY] Fedora 19 Update: autotrace-0.31.1-34.fc19
AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...
[SECURITY] Fedora 18 Update: inkscape-0.48.4-1.fc18
Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many...
ACDSee Pro < 5.2 Multiple Memory Corruption Vulnerabilities
ACDSee, an image editing application, is installed on the remote host. The installed version of ACDSee is earlier than 5.2 and thus is potentially affected by multiple vulnerabilities: - Insufficient validation in IDICO.apl when copying colors from cursors in .CUR files can be exploited to cause...
Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
This host is missing a critical security update according to Microsoft Bulletin MS11-006. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Adobe Reader BMP ColorData Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the Bitmap parsing component...
Microsoft Windows graphics engine thumbnail stack buffer overflow
Overview: Microsoft Windows contains a stack-based buffer overflow vulnerability in the graphics rendering engine, which may allow an attacker to execute arbitrary code. Description: Microsoft Windows contains a stack-based buffer overflow vulnerability caused by a signedness error in the...
Malformed bitmaps can reveal old data from random places in memory
Specially malformed bitmap images can cause Opera to render the image using a palette made up from uninitialized memory. Using canvas, the pattern can be read and analyzed by JavaScript, so an attacker can get random samples of the user's memory, which may contain data...
Malformed bitmaps can reveal old data from random places in memory – Opera Security Advisories
Malformed bitmaps can reveal old data from random places in memory – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description Specially malformed bitmap images can cause Opera to render the image using a palette made up from uninitialized memory. Usi...
BMP image parser vulnerability
The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems,...