79 matches found
CVE-2012-10037
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No...
CVE-2012-10037
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No...
CVE-2012-10037 PhpTax pfilez Parameter Exec Remote Code Injection
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No...
PT-2025-32550 · Phptax · Phptax
Name of the Vulnerable Software and Affected Versions: PhpTax version 0.8 Description: PhpTax version 0.8 contains a remote code execution issue in drawimage.php. The pfilez GET parameter is passed to the exec function without proper sanitization. This allows a remote attacker to inject arbitrary...
SUSE CVE-2009-3604
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted P...
SUSE CVE-2016-10046
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service application crash via a crafted image file...
SUSE CVE-2017-14314
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service DrawDashPolygon heap-based buffer over-read and application crash via a crafted file...
SUSE CVE-2017-16547
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service negative strncpy and application crash or possibly have unspecified other impact via a...
Mozilla: Variable time processing of cross-origin images during drawImage calls
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Mozilla: Variable time processing of cross-origin images during drawImage calls
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Mozilla: Variable time processing of cross-origin images during drawImage calls
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Mozilla: Variable time processing of cross-origin images during drawImage calls
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Mozilla: Variable time processing of cross-origin images during drawImage calls
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Mozilla: Variable time processing of cross-origin images during drawImage calls
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Mozilla: Variable time processing of cross-origin images during drawImage calls
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Mozilla: Variable time processing of cross-origin images during drawImage calls
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Information Disclosure
firefox is vulnerable to information disclosure. When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function takes a variable amount of time depending on the content of the underlying image. This can result in potential cross-origin information...
OSV-2020-794 Use-of-uninitialized-value in Splash::pipeRunSimpleXBGR8
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23086 Crash type: Use-of-uninitialized-value Crash state: Splash::pipeRunSimpleXBGR8 Splash::blitImage Splash::drawImage...
The vulnerability in the DrawImage function (magick/render.c) of the cross-platform graphics library GraphicsMagick, which allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability in the DrawImage function magick/render.c of the cross-platform graphics library GraphicsMagick exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected...
The vulnerability in the DrawImage function (magick/render.c) of the cross-platform graphics library GraphicsMagick, which allows a hacker to trigger a service failure.
The vulnerability of the DrawImage function in the cross-platform graphics library GraphicsMagick is related to a buffer overflow error. Exploiting this vulnerability could allow an attacker to cause a service failure by using a specially created file...