Writing to cycle collected object during image decoding — Mozilla
Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition...
Mandriva Linux Security Advisory : firefox (MDVSA-2012:145)
Security issues were identified and fixed in Mozilla Firefox: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we...
Mandriva Update for firefox MDVSA-2012:145 (firefox)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
ImageMagick security and bug fix update
6.2.8.0-12.el5 - Add fix for CVE-2010-4167 767142 6.2.8.0-11.el5 Fix assertion failed when using 'identify -verbose' when there's no image information available 502626 6.2.8.0-10.el5 Fix memory allocation failure when using color option 616538 Fix hang when converting broken GIF 693989 Fix...
ImageMagick security and bug fix update
6.2.8.0-4.el55.2 - Fix SGI image decoding 625058 6.2.8.0-4.el55.1 - Add fix for CVE-2009-1882 504304...
JDK unspecified vulnerability in Java2D component
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...
Google Chrome < 4.0.249.78 Multiple Vulnerabilities
Binary data 5328.pasl...
PDF JBIG2 invalid free()
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data...
giflib security update
CentOS Errata and Security Advisory CESA-2009:0444 Updated giflib packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The giflib packages contain a shared...
CVE-2009-0163
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) cupsImageReadTIFF function in the imagetops filter...
PDF JBIG2 integer overflow
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file...
cups: Integer overflow in the TIFF image filter
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) cupsImageReadTIFF function in the imagetops filter...
Gentoo Security Advisory GLSA 200411-08 (GD)
The remote host is missing updates announced in advisory GLSA 200411-08. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
xpm -- image decoding vulnerabilities
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2008-1573
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read...
CVE-2008-1573
Apple Mac OS X ImageIO’s BMP/GIF decoding engine is affected by CVE-2008-1573: an out-of-bounds read could disclose memory contents when processing crafted BMP or GIF images. Affected versions are Mac OS X before 10.5.3. The issue is addressed by updating to Mac OS X 10.5.3 Security Update; apply...
Debian Security Advisory DSA 591-1 (libgd2)
The remote host is missing an update to libgd2 announced via advisory DSA 591-1. OpenVAS Vulnerability Test $Id: deb5911.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 591-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Re: GDI+ and Internet Explorer question
IE has its own image decoders for many image types (jpeg, ico, etc.). You can trigger this bug remotely by renaming your .ico to .emf or .wmf, which forces it to be opened by the Picture and Fax Viewer using GDI+. -HD On Saturday 09 June 2007 06:40, [email protected] wrote: fails to crash my Internet...
DSA-1168-1 imagemagick
Bulletin has no description...