82 matches found
CVE-2021-23352
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image, .svg or .dot functions are called, is executed by the childprocess.exec function...
SANE Backends Buffer Overflow Vulnerability
SANE Backends is an application programming interface (API) and communication protocol for regulating communication between software and digital imaging devices. A buffer overflow vulnerability exists in the 'esci2img' function in versions of SANE Backends prior to 1.0.30. An attacker could exploit...
exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service
An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact...
PT-2019-5890 · Imagemagick +6
Name of the Vulnerable Software and Affected Versions: ImageMagick versions 7.0.8-43 Q16. Description: The issue is related to a heap-based buffer over-read in the WritePNGImage function, which can allow a remote attacker to access confidential data and cause a denial of service. The problem is...
ImageMagick Denial of Service Vulnerability (CNVD-2018-26703)
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A memory leak vulnerability exists in the 'WritePDBImage' function in the coders/pdb.c file in ImageMagick version...
XWiki cross-site scripting vulnerability (CNVD-2018-20220)
XWiki is an open source wiki and application platform written in Java and released under the LGPL. A cross-site scripting vulnerability exists in the 'image:' function in XWiki 10.7 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary payloads or scripts from...
DEBIAN-CVE-2017-18251
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allows remote attackers to cause a denial of service via a crafted file...
DEBIAN-CVE-2017-13141
In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c...
PT-2017-4104 · Imagemagick +4
Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.6-6. Description: A memory exhaustion issue was found in the ReadTIFFImage function, allowing attackers to cause a denial of service. The vulnerability is related to an error in the resource control mechanism, which can...
CVE-2017-11338
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack...
UBUNTU-CVE-2016-10057
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file...
PHP 'gdImageCreateFromGd2Ctx()' Function Denial of Service Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...
PT-2016-7361 · Imagemagick +2
Name of the Vulnerable Software and Affected Versions: ImageMagick (affected versions not specified). Description: The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. This is due to a problem in the ReadRLEImage function in coders/rle.c...
Integer overflow
Multiple integer overflows in the loadimage function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based...
Gimp: Integer overflow in the PCX image file plug-in
Multiple integer overflows in the loadimage function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based...
162100 Site Navigation 1.9 local file inclusion vulnerability - vulnerability warning - the black bar safety net
Breaking app breaking vulnerability, but in order to encourage everyone to learn, or sent to. Reject malicious destruction! Program official: http://download.162100.com admin directory run.php the file part of the code is as follows: I find the Upload Directory editor/index.html Use the upload...
PT-2007-1121 · Cairo +1
Name of the Vulnerable Software and Affected Versions: Cairo versions prior to 1.4.12. Description: The issue is related to multiple integer overflows that may allow remote attackers to execute arbitrary code. This can be achieved by using a crafted PNG image with large width and height values,...
security flaw
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PD...
security flaw
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PD...
DEBIAN-CVE-2003-0130
The handleimage function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image...