SUSE CVE-2016-8707

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered...

SUSE CVE-2016-9114

There is a NULL Pointer Access in function imagetopnm of convert.c:1943jp2 of OpenJPEG 2.1.2. image-compscompno.data is not assigned a value after initializationNULL. Impact is Denial of Service...

SUSE CVE-2017-10683

In mpg123 1.25.0, there is a heap-based buffer over-read in the convertlatin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack...

SUSE CVE-2017-11537

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception FPE in the WritePALMImage function in coders/palm.c, related to an incorrect bits-per-pixel calculation...

SUSE CVE-2017-14040

An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact...

SUSE CVE-2017-17555

The swriaudioconvert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted audio file...

SUSE CVE-2018-13419

An issue has been found in libsndfile 1.0.28. There is a memory leak in psfallocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue...

SUSE CVE-2018-16982

Open Chinese Convert OpenCC 1.0.5 allows attackers to cause a denial of service segmentation fault because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file...

SUSE CVE-2020-23109

Buffer overflow vulnerability in function convertcolorspace in heifcolorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file...

SUSE CVE-2021-3962

A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this...

SUSE CVE-2021-34552

Pillow through 8.2.0 and PIL aka Python Imaging Library through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...

SUSE CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath called from QRasterPaintEngine::fill and QPaintEngineEx::stroke...

SUSE CVE-2022-29458

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convertstrings in tinfo/readentry.c in the terminfo library...

SUSE CVE-2022-36012

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We wi...

SUSE CVE-2022-41843

An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928...

GSS-NTLMSSP 缓冲区错误漏洞

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication from the gssapi open source. A buffer error vulnerability exists in GSS-NTLMSSP versions prior to 1.2.0, which stems from a failure of ntlmstrconvert that could result in a zero being written to an arbitra...

PT-2023-35217 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.166 Description: The issue concerns a potential Spectre v1 gadget in the ip metrics convert function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

PT-2023-34977 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: The issue concerns a potential Spectre v1 gadget in the ip metrics convert function. This could potentially be exploited, although the actual impact and attack plausibility have not yet been...

DEBIAN-CVE-2022-44267

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image e.g., for resize, the convert process could be left waiting for stdin input...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

ImageMagick LFI PoC CVE-2022-44268 The researchers at Me...