53 matches found
Fedora 36 : OpenImageIO (2022-e63bc3eca2)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e63bc3eca2 advisory. Update to 2.3.21.0. Security fix for CVE-2022-36354 CVE-2022-38143 CVE-2022-41639 CVE-2022-41684 CVE-2022-41794 CVE-2022-41838 CVE-2022-41977...
Heap overflow
A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensiti...
UBUNTU-CVE-2022-36354
A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensiti...
OpenImageIO buffer error vulnerability
OpenImageIO is an image read and write library that also provides several tools and applications. A stack buffer overflow vulnerability exists in the TGA file format parser in OpenImageIO v2.3.19.0. An attacker could exploit this vulnerability to cause out-of-bounds writes and arbitrary code...
PT-2022-6795 · Unknown +2 · Openimageio +2
Name of the Vulnerable Software and Affected Versions: OpenImageIO versions prior to v2.3.20 OpenImageIO master-branch-9aeece7a and v2.3.19.0 Description: A heap out-of-bounds read issue exists in the RLA format parser of OpenImageIO, specifically in the handling of run-length encoded byte spans...
CVE-2021-21944
Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. This heap-based buffer overflow takes place tryi...
PT-2022-9207 · Accusoft · Accusoft Imagegear
Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 19.10 Description: A heap-based buffer overflow issue exists in the TIFF parser functionality. This can be triggered by a specially-crafted file, leading to a heap buffer overflow. An attacker can exploit this by...
python-pillow: Regular expression DoS in PDF format parser
A flaw was found in python-pillow. The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack...
UBUNTU-CVE-2021-25292
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...
CVE-2020-13572
A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this...
Accusoft ImageGear buffer error vulnerability
Accusoft ImageGear is a multi-platform, multi-language document imaging developer toolkit. A heap overflow vulnerability exists in the way the GIF parser in Accusoft ImageGear 19.8 decodes LZW compressed streams. An attacker can exploit this vulnerability to execute arbitrary code via specially...
Arbitrary Code Execution
openoffice.org is vulnerable to arbitrary code execution. An integer overflow flaw leading to a heap buffer overflow in the Windows Metafile (WMF) image format parser allows an attacker to create a carefully crafted document containing a malicious WMF file that could cause OpenOffice.org to crash,...
GoPro GPMF-parser heap buffer overflow vulnerability (CNVD-2020-03866)
GoPro gpmf-parser is a GPMF format telemetry data parser for use in GoPro cameras from GoPro USA. A buffer overflow vulnerability exists in the GetPayload of the GPMFmp4reader.c file in GoPro GPMF-parser version 1.2.3. The vulnerability stems from a networked system or product performing operatio...
Cdemu libMirage NRG parser code issue vulnerability
Cdemu is a virtual CD/DVD drive for the Linux platform. libMirage is one of the libraries used to access CD-ROM images. A code issue vulnerability exists in the NRG parser of libMirage version 3.2.2 in Cdemu. The vulnerability stems from an improperly designed or implemented code development...
Null pointer dereference
An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a...
openSUSE Security Update : libxkbcommon (openSUSE-2018-1418)
This update for libxkbcommon to version 0.8.2 fixes the following issues : - Fix a few NULL-dereferences, out-of-bounds access and undefined behavior in the XKB text format parser. - CVE-2018-15853: Endless recursion could have been used by local attackers to crash xkbcommon users by supplying a...
gpmf-parser heap overflow vulnerability
gpmf-parser is a parser for gpmf format files used to store high-frequency periodic sensor data in video files such as MP4. A heap overflow vulnerability exists in the 'GPMFNext' function of the GPMFparser.c file in gpmf-parser version 1.1.2. An attacker can exploit this vulnerability to cause a...
topydo Input Validation Vulnerability
topydo is a to-do list management application. An input validation vulnerability exists in the 'ListFormatParser::parse' function in the topydo/lib/ListFormat.py file in topydo. The vulnerability can be exploited to inject arbitrary bytes into the endpoint with the help of a todo.txt file with one o...
PYSEC-2018-76
topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attac...
UBUNTU-CVE-2018-1000039
In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file...