2222 matches found

Tenable Nessus
added 2019/08/20 12:0 a.m. | 44 views

Debian DLA-1888-1 : imagemagick security update

Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-12974: NULL pointer dereference in ReadPANGOImage and ReadVIDImage (coders/pango.c and coders/vid.c). This vulnerability might be leveraged by remote attackers to cause denial of service via crafted image...

CVSS 8.8 | AI score 7.7 | EPSS 0.02588
Exploits 5 | References 9
CNVD
added 2019/08/18 12:0 a.m. | 2 views

DjVuLibre bitmap reader component resource management error vulnerability

DjVuLibre is an open source implementation of the DjVu computer file format, which includes a DjVu file viewer, browser plug-ins, a DjVu file decoder/encoder and other utilities. The bitmap reader is one of its bitmap viewer components. A resource management error vulnerability exists in the bitmap reader...

CVSS 5.5 | AI score 6.7 | EPSS 0.00862
Exploits 1 | References 1
AlpineLinux
added 2019/08/09 7:26 p.m. | 37 views

CVE-2019-11042

When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information...

CVSS 7.1 | AI score 7.4 | EPSS 0.03811
Exploits 1
Talos
added 2019/07/29 12:0 a.m. | 111 views

SDL_image PCX Image Code execution Vulnerability

Summary: An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

CVSS 8.8 | AI score 8.9 | EPSS 0.00968
Exploits 0
Apple
added 2019/07/22 12:0 a.m. | 123 views

About the security content of tvOS 12.4

This document describes the security content of tvOS 12.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVSS 9.8 | AI score 0.3 | EPSS 0.45572
Exploits 15 | References 1 | Affected Software 1
Apple
added 2019/07/22 12:0 a.m. | 57 views

About the security content of watchOS 5.3

This document describes the security content of watchOS 5.3. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVSS 9.8 | AI score 0.7 | EPSS 0.45572
Exploits 13 | References 1 | Affected Software 1
Apple
added 2019/07/22 12:0 a.m. | 111 views

About the security content of iOS 12.4

This document describes the security content of iOS 12.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...

CVSS 9.8 | AI score 0.1 | EPSS 0.45572
Exploits 16 | References 1 | Affected Software 1
OSV
added 2019/07/18 7:15 p.m. | 6 views

CVE-2019-13960

In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the...

CVSS 5.5 | AI score 6.8
Exploits 0 | References 2
OSV
added 2019/07/18 1:19 p.m. | 20 views

GHSA-R7J3-VVH2-XRPJ OS Command Injection in MiniMagick

In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a | character followed by a command...

CVSS 7.8 | AI score 7.5 | EPSS 0.29121
Exploits 1 | References 10
Cvelist
added 2019/07/12 2:31 a.m. | 15 views

CVE-2019-13574

In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...

AI score 7.5 | EPSS 0.29121
Exploits 1 | References 7
CNVD
added 2019/07/05 12:0 a.m. | 1 views

ImageMagick Resource Management Error Vulnerability (CNVD-2019-29434)

ImageMagick is a set of open source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. A security vulnerability exists in ImageMagick Studio ImageMagick version 7.0.8-50 Q16. An attacker could exploit thi...

CVSS 6.5 | AI score 6.6 | EPSS 0.00106
Exploits 1 | References 1
CNVD
added 2019/07/02 12:0 a.m. | 2 views

ImageMagick Resource Management Error Vulnerability (CNVD-2019-29429)

ImageMagick is a set of open source image processing software from the United States company ImageMagick Studio, Inc. A memory disclosure vulnerability exists in the 'ReadPSImage' function in the coders/ps.c file in ImageMagick Studio ImageMagick versions prior to 7.0.8-50. An attacker can exploit this...

CVSS 6.5 | AI score 6.4 | EPSS 0.01681
Exploits 1 | References 1
OpenVAS
added 2019/07/01 12:0 a.m. | 35 views

Fedora Update for GraphicsMagick FEDORA-2019-da4c20882c

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 7.9 | EPSS 0.05966
Exploits 8 | References 2
Fedora
added 2019/06/30 12:57 a.m. | 33 views

[SECURITY] Fedora 30 Update: GraphicsMagick-1.3.32-1.fc30

GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software...

CVSS 8.8 | AI score 2.7 | EPSS 0.05966
Exploits 7
BDU FSTEC
added 2019/06/18 12:0 a.m. | 1 views

The vulnerability of the parse_makernote function in the LibRaw image processing library allows a hacker to trigger a service failure.

The vulnerability of the parse_makernote function in the LibRaw image processing library is related to buffer overflow in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 8.8 | AI score 5.8 | EPSS 0.00363
Exploits 1 | References 4 | Affected Software 3
OSV
added 2019/06/10 7:17 p.m. | 6 views

MGASA-2019-0186 Updated imagemagick packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Fixed a heap-based buffer overflow in ReadMNGImage (CVE-2019-11007). Fixed a heap-based buffer overflow in WriteXWDImage (CVE-2019-11008, CVE-2019-11009)...

CVSS 8.8 | AI score 8.5 | EPSS 0.01345
Exploits 2 | References 7
OSV
added 2019/06/06 3:29 p.m. | 2 views

CVE-2019-5305

The image processing module of some Huawei Mate 10 smartphone versions before ALP-L29 9.0.0.159C185 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call a special API, which could trigger double free and cause a...

CVSS 5.5 | AI score 6.1 | EPSS 0.00069
Exploits 0 | References 1
Prion
added 2019/06/06 3:29 p.m. | 21 views

Double free

The image processing module of some Huawei Mate 10 smartphone versions before ALP-L29 9.0.0.159C185 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call a special API, which could trigger double free and cause a...

CVSS 7.1 | AI score 5.5 | EPSS 0.00069
Exploits 0 | References 1 | Affected Software 1
CVE
added 2019/06/06 2:35 p.m. | 71 views

CVE-2019-5305

CVE-2019-5305 affects the image processing module on some Huawei Mate 10 devices (before ALP-L29 9.0.0.159). The root cause is a memory double-free vulnerability that can be triggered when a user installs a malicious app and it calls a specific API, potentially leading to a system crash. Public d...

CVSS 7.1 | AI score 5.5 | EPSS 0.00069
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2019/06/06 2:35 p.m. | 24 views

CVE-2019-5305

The image processing module of some Huawei Mate 10 smartphone versions before ALP-L29 9.0.0.159C185 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call a special API, which could trigger double free and cause a...

AI score 5.5 | EPSS 0.00069
Exploits 0 | References 1