[SECURITY] Fedora 25 Update: GraphicsMagick-1.3.25-1.fc25
GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software...
CVE-2016-6291
Removed by vendor...
The vulnerability of the Firefox browser allows a remote attacker to gain access to the dynamic memory of the process or trigger a denial-of-service attack.
The vulnerability of the Firefox browser in the implementation of the QCMS component allows a malicious actor to gain access to confidential information from the dynamic memory of the process, or to trigger a service failure reading beyond the boundaries of the system by using an image that is...
The vulnerability of PHP software allows a malicious attacker to compromise the integrity and accessibility of protected information.
The vulnerability exists in the GD context component of PHP, due to the presence of the sequence %00 in path names. Exploiting this vulnerability allows malicious actors to overwrite arbitrary files using specially crafted input data that triggers the functions imagegd, imagegd2, imagegif,...
Updated libgd packages fix security vulnerability
Stack overflow with imagefilltoborder (CVE-2015-8874). Integer overflow in gd2GetHeader resulting in heap overflow (CVE-2016-5766). Integer overflow in gdImagePaletteToTrueColor resulting in heap overflow (CVE-2016-5767). Improperly handling invalid color index in gdImageCropThreshold could result in...
[SECURITY] Fedora 23 Update: GraphicsMagick-1.3.24-1.fc23
GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software...
[SECURITY] Fedora 22 Update: GraphicsMagick-1.3.24-1.fc22
GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software...
ImageMagick Denial of Service Vulnerability (CNVD-2016-03865)
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A denial of service vulnerability exists in ImageMagick. An attacker can exploit this vulnerability to cause a denial ...
CVE-2015-8875
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, whi...
stickyKeysHunter - A Script to Test an RDP Host for Sticky Keys and Utilman Backdoor
This bash script tests for sticky keys and utilman backdoors. The script will connect to an RDP server, send both the sticky keys and utilman triggers and screenshot the result. How does it work? 1. Connects to RDP using rdesktop 2. Sends shift 5 times using xdotool to trigger sethc.exe backdoors...
DLA-486-1 imagemagick - security update
Bulletin has no description...
CVE-2014-9762
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap...
Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64 (20160509) (ImageTragick)
Security Fixes : - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the...
ImageMagick: File deletion
It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an...
imagemagick: arbitrary code execution
It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...
Warning — Widely Popular ImageMagick Tool Vulnerable to Remote Code Execution
A serious zero-day vulnerability has been discovered in ImageMagick, a widely popular software tool used by a large number of websites to process users' photos, which could allow hackers to execute malicious code remotely on servers. ImageMagick is an open-source image processing library that let...
[SECURITY] Fedora 23 Update: python-pillow-3.0.0-4.fc23
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developme...
[SECURITY] Fedora 22 Update: python-pillow-2.8.2-5.fc22
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developme...
Memory Corruption Vulnerability in PhotoLine's Processing of PCX Images
PhotoLine is a professional image editing software from Germany. A memory corruption vulnerability exists in the software's handling of the PCX format, which could be exploited by attackers to construct malformed PCX files that could crash the program...