Socusoft Photo To Video Converter Handles BMP with Memory Corruption Vulnerability

Socusoft Photo To Video Converter is a free slideshow maker that converts a bunch of photos into one video file. Socusoft Photo To Video Converter handles BMP with a memory corruption vulnerability that can be exploited by attackers to cause the program to crash by constructing malformed BMP imag...

SUSE-SU-2018:2676-1 Security update for tiff

This update for tiff fixes the following issues: The following security vulnerabilities were addressed: - CVE-2015-8668: Fixed a heap-based buffer overflow in the PackBitsPreEncode function in tifpackbits.c in bmp2tiff, which allowed remote attackers to execute arbitrary code or cause a denial of...

UBUNTU-CVE-2018-16323

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the...

pixiv: RCE due to ImageTragick v2

Hello Pixiv team! Your Image processing process suffering from ImageTragick v2. Issue is caused by ghostscript RCE findnings. How to reproduce: PATCH /design Host: manage.booth.pm send following image: ------WebKitFormBoundaryXX05yrKS4g8d9CWh Content-Disposition: form-data; name="shopheader";...

ghostscript command execution vulnerability alerts-a vulnerability alert-the black bar safety net

8 on the 21st, Tavis Ormandy disclosed by the mail list hxxps://bugs. chromium. org/p/project-zero/issues/detail? id=1640, and again that ghostscript security sandbox can be bypassed by constructing a malicious image content, can cause the command execution. ghostscript is widely used, ImageMagic...

Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking

Google Project Zero's security researcher has discovered a critical remote code execution RCE vulnerability in Ghostscript—an open source interpreter for Adobe Systems' PostScript and PDF page description languages. Written entirely in C, Ghostscript is a package of software that runs on differen...

[SECURITY] [DSA 4276-1] php-horde-image security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4276-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 17, 2018 https://www.debian.org/security/faq -...

CVE-2016-9572

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image...

CVE-2016-9572

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image...

CVE-2016-9572

CVE-2016-9572 : OpenJPEG 2.1.2 contains a NULL pointer dereference when decoding certain input images due to a logic error in the decoding path, which could cause an application crash. Public references describe this as a vulnerability in the OpenJPEG JPEG 2000 codec with multiple advisories noti...

Vulnerability Spotlight: Computerinsel Photoline Multiple Vulnerabilities

Vulnerabilities discovered by Tyler Bohan from Talos Overview Today, Cisco Talos is disclosing several vulnerabilities in Computerinsel Photoline. Photoline is an image-processing tool used to modify and edit images, as well as other graphic-related material. This product has a sizable user base...

Computerinsel Photoline PSD Blending Channel Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerabili...

Computerinsel Photoline ANI Parsing Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this...

[SECURITY] [DLA 1401-1] graphicsmagick security update

Package : graphicsmagick Version : 1.3.20-3+deb8u3 CVE ID : CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5241 CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449 CVE-2017-11636 CVE-2017-11643 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13134 CVE-2017-14314...

USN-3693-1 jasper vulnerabilities

It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...

SUSE-SU-2018:1825-1 Security update for jpeg

This update for jpeg fixes the following issues: CVE-2017-15232: NULL pointer dereferences in jdpostct.c and jquant1.c could lead to denial of service crash when processing images bsc1062937 CVE-2018-11813: Fixed the end-of-file mishandling in readpixel in rdtarga.c, which allowed remote attacker...

Debian DLA-1395-1 : php-horde-image security update

It was discovered that there were two remote code execution vulnerabilities in php-horde-image, the image processing library for the Horde groupware tool : - CVE-2017-9774: A remote code execution vulnerability RCE that was exploitable by a logged-in user sending a maliciously crafted HTTP GET...

CVE-2018-1152

libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image...

ImageMagick Buffer Overflow Vulnerability (CNVD-2018-12313)

ImageMagick is the United States ImageMagick Studio company's set of open source image processing software. A security vulnerability exists in versions of ImageMagick prior to 6.9.4-4. A remote attacker could exploit this vulnerability to cause a denial of service application crash...

Basecamp: Remote code execution on Basecamp.com

A critical flaw in Basecamp's profile image upload function leads to remote command execution. Images are converted on the server side, but not only image files but also PostScript/EPS files are accepted if renamed to .gif. This is probably due to ImageMagick / GraphicsMagick being used for image...