libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

CVE-2013-0849

The roqdecodeinit function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted 1 width or 2 height dimension that is not a multiple of sixteen in id RoQ video data...

CVE-2013-0857

The decodeframeilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data...

CVE-2013-0849

The roqdecodeinit function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted 1 width or 2 height dimension that is not a multiple of sixteen in id RoQ video data...

CVE-2013-0857

The decodeframeilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data...

CVE-2013-4243

Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted height and width values in a GIF image...

plug-in): Heap-based buffer overflow by loading certain GIF images

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted height and len properties in a GIF image...

CVE-2011-4252

The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height...

CVE-2009-1570

Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow...

Integer overflow

Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow...

DEBIAN-CVE-2009-2294

Integer overflow in the Pngdatainfocallback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a PNG image with crafted 1 width or 2 height values...