20 matches found
SUSE CVE-2023-53777
In the Linux kernel, the following vulnerability has been resolved: erofs: kill hooked chains to avoid loops on deduplicated compressed images After heavily stressing EROFS with several images which include a hand-crafted image of repeated patterns for more than 46 days, I found two chains could ...
EUVD-2023-60129
In the Linux kernel, the following vulnerability has been resolved: erofs: kill hooked chains to avoid loops on deduplicated compressed images After heavily stressing EROFS with several images which include a hand-crafted image of repeated patterns for more than 46 days, I found two chains could ...
UBUNTU-CVE-2023-53777
In the Linux kernel, the following vulnerability has been resolved: erofs: kill hooked chains to avoid loops on deduplicated compressed images After heavily stressing EROFS with several images which include a hand-crafted image of repeated patterns for more than 46 days, I found two chains could ...
CVE-2023-53777 erofs: kill hooked chains to avoid loops on deduplicated compressed images
In the Linux kernel, the following vulnerability has been resolved: erofs: kill hooked chains to avoid loops on deduplicated compressed images After heavily stressing EROFS with several images which include a hand-crafted image of repeated patterns for more than 46 days, I found two chains could ...
PT-2025-49637
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the EROFS implementation where hooked chains can create loops on deduplicated compressed images. This can occur when two chains link to each other...
Maintenance update for SUSE Manager 4.3 Release Notes
Description: This update fixes the following issues: release-notes-susemanager-proxy: Update to SUSE Manager 4.3.14 Bugs mentioned: bsc1217003, bsc1221505, bsc1225619, bsc1225960, bsc1226917 bsc1227606, bsc1228036, bsc1228345, bsc1228851, bsc1229079 bsc1229260, bsc1229339 Security update for SUSE...
OESA-2023-1923 python-pillow security update
Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. Security Fixes: Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data...
RUSTSEC-2022-0103 Incorrect signature verification on gzip-compressed install images
The coreos-installer is a program to fetch a disk image and stream it to a target disk. During the installation process the installation image gpg signatures are verified. The signature verification can be bypassed for gzip-compressed images due to a flaw in gzip coreos-installer wrapper. When th...
Incorrect signature verification on gzip-compressed install images
The coreos-installer is a program to fetch a disk image and stream it to a target disk. During the installation process the installation image gpg signatures are verified. The signature verification can be bypassed for gzip-compressed images due to a flaw in gzip coreos-installer wrapper. When th...
coreos-installer 数据伪造问题漏洞
CoreOs-Installer is a program. It is used to assist in the installation of Fedora CoreOs Fcos and CoreOs for Red Hat Enterprise Linux Rhcos. A security vulnerability exists in coreos-installer that allows an attacker to spoof victims by Gzip-compressing images and using malicious data on...
LibTIFF PixarLogDecode Remote Code Execution Vulnerability(CVE-2016-5875)
Summary An exploitable heap based buffer overflow exists in the handling of compressed TIFF images in LibTIFF's PixarLogDecode api. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. The vulnerability can be triggered through any user controlled...
cups: cupsRasterReadPixels buffer overflow
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way CUPS handled compressed raster image files. An attacker could create a specially crafted image file that, when passed via the CUPS Raster filter, could cause the CUPS filter to crash...
FreeBSD Ports: xli
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
DSA-1498-1 libimager-perl - buffer overflow
Bulletin has no description...
Debian: Security Advisory (DSA-695-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
iDefense Security Advisory 06.13.06: Microsoft Internet Explorer ART File Heap Corruption Vulnerability
Microsoft Internet Explorer ART File Heap Corruption Vulnerability iDefense Security Advisory 06.13.06 http://www.idefense.com/application/poi/display?type=vulnerabilities June 13, 2006 I. BACKGROUND Internet Explorer is the web browser included in Microsoft Corp.'s Windows products. II...
Mandrake Linux Security Advisory : xli (MDKSA-2005:076)
A number of vulnerabilities have been found in the xli image viewer. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw in the handling of compressed images where shell meta-characters are not properly escaped CVE-2005-0638. It was also found that insufficient validation of...
Debian DSA-695-1 : xli - buffer overflow, input sanitising, integer overflow
Several vulnerabilities have been discovered in xli, an image viewer for X11. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2001-0775 A buffer overflow in the decoder for FACES format images could be exploited by an attacker to execute arbitrary code...
Debian DSA-694-1 : xloadimage - missing input sanitising, integer overflow
Several vulnerabilities have been discovered in xloadimage, an image viewer for X11. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-0638 Tavis Ormandy of the Gentoo Linux Security Audit Team has reported a flaw in the handling of compressed images,...
CVE-2005-0638
CVE-2005-0638 affects xloadimage (and xli) where filenames are not properly quoted when invoking gunzip, allowing shell metacharacter injection and arbitrary command execution when a malformed filename is processed. The issue impacts xloadimage prior to version 4.1-r2 and xli prior to 1.17, acros...