
2222 matches found

Gentoo Linux
added 2010/06/03 12:0 a.m. | 39 views

GD: User-assisted execution of arbitrary code

Background: GD is a graphic library for fast image creation. Description: Tomas Hoger reported that the gdGetColors function in gdgd.c does not properly verify the colorsTotal struct member, possibly leading to a buffer overflow. Impact: A remote attacker could entice a user to open a specially...

CVSS 9.3 | AI score 7.6 | EPSS 0.04663
Exploits: 1

Gentoo Linux
added 2010/06/01 12:0 a.m. | 30 views

CamlImages: User-assisted execution of arbitrary code

Background: CamlImages is an image processing library for Objective Caml. Description: Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the (1) readpngfile and readpngfileasrgb24 functions, when processing a PNG image (CVE-2009-2295) and (2) gifread.c an...

CVSS 7.5 | AI score 7.2 | EPSS 0.03659
Exploits: 2

CVE
added 2010/05/14 7:24 p.m. | 45 views

CVE-2010-1509

IrfanView (before version 4.27) is vulnerable to a PSD parsing issue caused by a sign-extensions/unspecified integer variable handling error that can trigger a heap-based buffer overflow. This may allow a remote attacker to crash the application or potentially execute arbitrary code via a special...

CVSS 5 | AI score 8.3 | EPSS 0.03679
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2010/04/21 2:30 p.m. | 24 views

CVE-2009-4776

Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors relate...

CVSS 9.3 | AI score 6.7 | EPSS 0.01341
Exploits: 0 | References: 5

Prion
added 2010/04/21 2:30 p.m. | 21 views

Buffer overflow

Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors relate...

CVSS 9.3 | AI score 7.2 | EPSS 0.01341
Exploits: 0 | References: 5 | Affected Software: 24

CVE
added 2010/04/21 2:0 p.m. | 51 views

CVE-2009-4776

CVE-2009-4776 describes a buffer overflow in Hitachi Cosminexus components (V4–V8 Processing Kit for XML and Developer’s Kit for Java) used in products such as uCosminexus, Electronic Form Workflow, GroupMax, and IBM XL C/C++ Enterprise Edition 7–8. The issue involves GIF image processing APIs in...

CVSS 9.3 | AI score 7 | EPSS 0.01341
Exploits: 0 | References: 5 | Affected Software: 8

Cvelist
added 2010/04/21 2:0 p.m. | 28 views

CVE-2009-4776

Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors relate...

AI score 6.7 | EPSS 0.01341
Exploits: 0 | References: 5

OpenVAS
added 2010/04/19 12:0 a.m. | 26 views

PHP < 5.2.10 JPEG Image Processing DoS Vulnerability

PHP is prone to a denial of service (DoS) vulnerability in the exifreaddata function. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.3 | AI score 6.5 | EPSS 0.10087
Exploits: 1 | References: 5

Zero Day Initiative
added 2010/04/05 12:0 a.m. | 50 views

Sun Java Runtime Environment JPEGImageDecoderImpl Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime. User interaction is required in that a user must be coerced into executing a malicious java application via visiting a website. The specific flaw exists within the...

CVSS 10 | AI score 5.3 | EPSS 0.0567
Exploits: 0 | References: 1

NVD
added 2010/04/01 4:30 p.m. | 17 views

CVE-2010-0841

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CP...

CVSS 7.5 | AI score 7.5 | EPSS 0.10009
Exploits: 0 | References: 33

Fedora
added 2010/03/23 2:23 a.m. | 10 views

[SECURITY] Fedora 13 Update: GraphicsMagick-1.3.12-1.fc13

GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software...

AI score 2.7
Exploits: 0

OpenVAS
added 2010/03/02 12:0 a.m. | 25 views

Fedora Update for GraphicsMagick FEDORA-2010-0001

Check for the Version of GraphicsMagick OpenVAS Vulnerability Test Fedora Update for GraphicsMagick FEDORA-2010-0001 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

CVSS 9.3 | AI score 0.3 | EPSS 0.03413
Exploits: 0 | References: 2

Check Point Advisories
added 2010/03/01 12:0 a.m. | 1 views

Firefox XBM Image Processing Buffer Overflow (CVE-2005-2701)

The Firefox web browser is an application designed for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, and so on. The web browser is capable of rendering images of numerous types. Some of the types Firefox is able to render are Joint Photographic Exper...

CVSS 7.5 | AI score 7.4 | EPSS 0.08677
Exploits: 0

Tenable Nessus
added 2010/02/24 12:0 a.m. | 36 views

Debian DSA-1912-1 : camlimages - integer overflow

It was discovered that CamlImages, an open source image processing library, suffers from several integer overflows, which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of TIFF files. It also expands the...

CVSS 7.5 | AI score 5.7 | EPSS 0.03659
Exploits: 2 | References: 4

Metasploit
added 2010/02/19 7:31 a.m. | 30 views

Coppermine Photo Gallery picEditor.php Command Execution

This module exploits a vulnerability in the picEditor.php script of Coppermine Photo Gallery versions 1.4.14 and earlier. When configured to use the ImageMagick library, the 'quality', 'angle', and 'clipval' parameters are not properly escaped before being passed to the PHP 'exec' command. In ord...

CVSS 6.8 | AI score 0.5 | EPSS 0.88385
Exploits: 5

Fedora
added 2010/01/12 8:48 p.m. | 29 views

[SECURITY] Fedora 11 Update: GraphicsMagick-1.3.7-4.fc11

GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software...

CVSS 9.3 | AI score 2.7 | EPSS 0.03413
Exploits: 0

Fedora
added 2010/01/12 8:38 p.m. | 35 views

[SECURITY] Fedora 12 Update: GraphicsMagick-1.3.7-4.fc12

GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software...

CVSS 9.3 | AI score 2.7 | EPSS 0.03413
Exploits: 0

Tenable Nessus
added 2010/01/12 12:0 a.m. | 46 views

SuSE 11 Security Update : IBM Java 1.4.2 (SAT Patch Number 1744)

IBM Java 1.4.2 was updated to 13 fp3. The following security issues were fixed : - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself...

CVSS 9.3 | AI score 5.8 | EPSS 0.89141
Exploits: 19 | References: 11

RedHat Linux
added 2009/11/16 3:44 p.m. | 71 views

Important: Red Hat Security Advisory: java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJD...

CVSS 9.3 | AI score 7 | EPSS 0.78477
Exploits: 13 | References: 15

Fedora
added 2009/11/10 5:48 p.m. | 24 views

[SECURITY] Fedora 10 Update: ocaml-camlimages-3.0.1-3.fc10.3

CamlImages is an image processing library for Objective CAML, which provides: basic functions for image processing and loading/saving, various image file formats hence providing a translation facility from format to format, and an interface with the Caml graphics library allows to display images...

CVSS 7.5 | AI score 0.7 | EPSS 0.03659
Exploits: 1