USN-4572-1 spice vulnerability

Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code...

spice: multiple buffer overflow vulnerabilities in QUIC decoding code

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed...

CVE-2020-14355

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed...

CVE-2020-14355

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messag...

UBUNTU-CVE-2020-14355

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messag...

python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2

An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest...

python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2

An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest...

CVE-2020-11538

An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest...

PYSEC-2020-80

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311...

CVE-2020-13902

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding...

CVE-2020-13902

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding...

CVE-2020-13902

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding...

CVE-2020-13902

CVE-2020-13902 entry is rejected; this CVE is not an active vulnerability.

DEBIAN-CVE-2020-13790

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in getrgbrow in rdppm.c via a malformed PPM input file...

UBUNTU-CVE-2019-19721

An off-by-one error in the DecodeBlock function in codec/sdlimage.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service memory corruption via a crafted image file. NOTE: this may be related to the SDLImage product...

Windows Photo Viewer prints white lines when you use an XPS driver to print photos in Windows

Windows Photo Viewer prints white lines when you use an XPS driver to print photos in Windows Symptoms Consider the following scenario: You install update 2670838 on a computer that is running Windows 7 or Windows Server 2008 R2. Or, you are using a computer that is running Windows RT, Windows 8,...

python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c

A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the...

CVE-2020-5311

An out-of-bounds write flaw was discovered in python-pillow in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system...

Denial Of Service (DoS)

pillow is vulnerable to denial of service DoS. The vulnerability exists as there was a lack of sanity check on xsize when decoding Pcx images with the P mode...

UBUNTU-CVE-2020-5313

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow...