Security update for gegl (important)
openSUSE Security Update: Security update for gegl Announcement ID: openSUSE-SU-2021:4209-1 Rating: important References: 1194045 Cross-References: CVE-2021-45463 CVSS scores: CVE-2021-45463 SUSE: 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 An update tha...
Security update for gegl (important)
openSUSE Security Update: Security update for gegl Announcement ID: openSUSE-SU-2021:4210-1 Rating: important References: 1194045 Cross-References: CVE-2021-45463 CVSS scores: CVE-2021-45463 SUSE: 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 An update tha...
OSV-2021-1760 Heap-buffer-overflow in grk::GrkImage::sycc420_to_rgb
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42931 Crash type: Heap-buffer-overflow WRITE 4 Crash state: grk::GrkImage::sycc420_to_rgb grk::GrkImage::color_sycc_to_rgb grk::GrkImage::colorConvert...
CVE-2021-45463
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIM...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the stbi__convert_format function via the stb_image.h component. An attacker can cause a crash and denial of service by loading a specially crafted invalid PICT file. Remediation Upgrade sdlimage to version 3.4.0...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the stbi__convert_format function via the stb_image.h component. An attacker can cause a crash and denial of service by loading a specially crafted invalid PICT file. Remediation A fix was pushed into the master...
CVE-2021-3962
A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this...
virt:ol and virt-devel:ol security, bug fix, and enhancement update
libguestfs-winsupport 8.2 - Resolves: bz1810193 Upgrade components in virt:rhel module:stream for RHEL-8.3 release libguestfs 1.40.2-28.0.1 - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 Orabug: 29319324 - Set DISTROORACLELINUX corresponding to o...
[SECURITY] Fedora 35 Update: kxstitch-2.1.1-6.fc35
KXStitch can be used to create cross stitch patterns from scratch. It is also possible to convert existing images to a cross stitch pattern or scan one with a Sane supported scanner...
python-pillow: Buffer overflow in image convert function
A flaw was found in python-pillow. This flaw allows an attacker to pass controlled parameters directly into a convert function, triggering a buffer overflow in the "convert" or "ImagingConvertTransparent" functions in Convert.c. The highest threat to this vulnerability is to system availability. ...
DEBIAN-CVE-2020-23109
Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file...
UBUNTU-CVE-2020-23109
Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file...
libheif Buffer Error Vulnerability
libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder. libheif version 1.6.2 contains a buffer overflow vulnerability in the convert_colorspace function in heif_colorconversion.cc. An attacker can exploit this vulnerability to cause a denial of service and disclose sensitive...
The vulnerability of the Convert.c component in the Pillow image processing library, related to buffer overflow in memory, allows an attacker to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the Convert.c component in the Pillow image processing library relates to the ability to pass parameters directly to the function. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, and cause service failur...
Huawei EulerOS: Security Advisory for perl-Convert-ASN1 (EulerOS-SA-2021-2603)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : perl-Convert-ASN1 (EulerOS-SA-2021-2603)
According to the versions of the perl-Convert-ASN1 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - perl-Convert-ASN1 aka the Convert::ASN1 module for Perl through 0.27 allows remote attackers to cause an infinite loop via unexpected...
convert-doc.com Cross Site Scripting vulnerability OBB-2192984
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Buffer Overflow in Pillow
Pillow through 8.2.0 and PIL aka Python Imaging Library through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...