Interactive Graphical SCADA System (IGSS) Remote Code Execution Vulnerability

The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. A remote code execution vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...

Accusoft ImageGear 缓冲区错误漏洞

Accusoft ImageGear is a multi-platform, multi-language document imaging developer toolkit. An out-of-bounds write vulnerability exists in the TIF bitspersample handling function in Accusoft ImageGear version 19.9. An attacker can exploit the vulnerability via a specially crafted file to cause...

Foxit Reader Code Execution Vulnerability (CNVD-2021-36654)

Foxit Reader old name: Foxit PDF Reader is a set of software used to read PDF format files, by Fujian Foxit Software developed by Foxit Reader is a set of free to use the software, the operating system is mainly based on Microsoft Windows, and as long as there is a Win32 implementation of the...

GPAC Null Pointer Dereference Vulnerability (CNVD-2021-30187)

GPAC is a multimedia framework for rich media and distributed under the LGPL license. A null pointer dereference vulnerability exists in GPAC version 1.0.1 in filters/reframelatm.c when calling gffilterpckgetdata. An attacker could exploit this vulnerability via a specially crafted mp4 file to...

GPAC 代码问题漏洞

GPAC is a multimedia framework for rich media and distributed under the LGPL license. A null pointer dereference vulnerability exists in the HintFile function in GPAC version 1.0.1. An attacker can exploit this vulnerability via a specially crafted file to cause a denial of service...

GPAC 缓冲区错误漏洞

GPAC is a multimedia framework for rich media and distributed under the LGPL license. A memory leak vulnerability exists in the stblGetSampleInfos function in MP4Box in GPAC version 1.0.1. An attacker can exploit this vulnerability to read memory via specially crafted files...

Exif Null Pointer Dereference Vulnerability

Exif is a small command line utility to display EXIF information hidden in JPEG files. A null pointer dereference vulnerability exists in the "actions.c" file in Exif 0.6.22 and earlier. An attacker can exploit this vulnerability by uploading a malicious JPEG file that will crash the application...

GPAC Null Pointer Dereference Vulnerability (CNVD-2021-30188)

GPAC is a multimedia framework for rich media and distributed under the LGPL license. A null pointer dereference vulnerability exists in the MergeTrack function of the isomedia/track.c module in GPAC v0.5.2. An attacker can exploit this vulnerability by uploading a malicious MP4 file to execute...

Accusoft ImageGear 缓冲区错误漏洞

Accusoft ImageGear is a multi-platform, multi-language document imaging developer toolkit. An out-of-bounds write vulnerability exists in the SGI format buffer size handling feature of Accusoft ImageGear 19.8. An attacker can exploit the vulnerability by supplying a specially crafted malicious fi...

Accusoft ImageGear 缓冲区错误漏洞

Accusoft ImageGear is a multi-platform, multi-language document imaging developer toolkit. An out-of-bounds write vulnerability exists in the SGI format buffer size handling feature of Accusoft ImageGear 19.8. An attacker can exploit the vulnerability by supplying a specially crafted malicious fi...

DEBIAN-CVE-2021-21772

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

UBUNTU-CVE-2021-20243

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability...

The vulnerability lies in the implementation of the PrintData or PrintStats functions in the network traffic balancing system’s Keepalived component. This allows attackers to gain access to the protected information.

The vulnerability of the PrintData or PrintStats implementation in the network traffic balancing system of Keepalived is related to errors in processing temporary files. Exploiting this vulnerability can allow an attacker to access protected information through a specially created file...

Industrial Light And Magic OpenEXR 代码问题漏洞

Industrial Light and Magic Academy Software Foundation OpenEXR is an image file format from Industrial Light and Magic for High Dynamic Range HDR images.A code issue vulnerability exists in Industrial Light and Magic Academy Software Foundation OpenEXR, which stems from A null pointer compliance...

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are due to the “race-to-privilege” scenario, which allows a malicious actor to escalate their privileges.

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are due to a “race-to-the-bottom” scenario. Exploiting these vulnerabilities can allow an attacker to enhance their privileges...

ImageMagick exceeds the range of representable values of type 'unsigned long' Vulnerability

ImageMagick is a software for creating, editing, and composing images that can read, convert, and write images in many formats. A vulnerability exists in MagickCore/statistic.c in versions of ImageMagick prior to 7.0.8-69 that exceeds the range of representable values of type 'unsigned long'. An...

Imagemagick Studio ImageMagick Input Validation Error Vulnerability (CNVD-2020-70257)

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in versions prior to ImageMagick 7.0.8-68, which stem...

ImageMagick Studio ImageMagick 数字错误漏洞

ImageMagick is a software for creating, editing, and composing images that can read, convert, and write images in many formats. A numeric error vulnerability exists in MagickCore/gem-private.h in versions of ImageMagick prior to 7.0.9-0. An attacker can exploit this vulnerability by submitting a...

SUSE-SU-2020:2968-1 Security update for taglib

This update for taglib fixes the following issues: - CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed remote attackers to cause information disclosure heap-based buffer over-read via a crafted audio file bsc1096180...

SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability (CNVD-2020-53173)

SAP 3D Visual Enterprise Viewer is a free 3D visualization viewer for Windows. An input validation error vulnerability exists in SAP 3D Visual Enterprise Viewer 9, which can be exploited by an attacker via a specially crafted SKP file to cause the application to crash...