2235 matches found
CVE-2023-45662
CVE-2023-45662 affects stb_image (stb_image.h). When stbi_set_flip_vertically_on_load is TRUE and the requested component count (req_comp) doesn’t match the actual components per pixel, memcpy can perform an out-of-bounds read because bytes_per_pixel used to compute bytes_per_row may not reflect ...
CVE-2023-45662 Multi-byte read heap buffer overflow in stbi__vertical_flip in stb_image
stbimage is a single file MIT licensed library for processing images. When stbisetflipverticallyonload is set to TRUE and reqcomp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger memc...
CVE-2023-45661 Wild address read in stbi__gif_load_next in stb_image
stbimage is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbigifloadnext. This happens because twoback points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...
CVE-2023-45661 Wild address read in stbi__gif_load_next in stb_image
stbimage is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbigifloadnext. This happens because twoback points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...
PT-2023-28743 · Xnsoft · Xnsoft Nconvert
Name of the Vulnerable Software and Affected Versions: XNSoft Nconvert version 7.136 Description: The issue is related to a Buffer Overflow, which can be triggered by a crafted image file, leading to a User Mode Write AV. This could result in a Denial of Service DoS or potentially allow code...
The vulnerability of the DICOM Viewer Pro software in processing medical images allows a hacker to execute arbitrary code by writing outside the buffer.
The vulnerability of the DICOM Viewer Pro software for viewing and processing medical images is related to writing outside the buffer. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
PT-2023-35526 · Git +1 · Ghostscript
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which is a type of memory corruption bug. The crash state indicates that the error occurs during the...
Accusoft ImageGear Buffer Error Vulnerability
Accusoft ImageGear is a software development kit SDK for image processing from Accusoft Corporation. A buffer error vulnerability exists in Accusoft ImageGear version 20.1, which stems from a specially crafted, incorrectly formatted file that may result in memory corruption...
The vulnerability of Firefox browsers, related to the use of memory after it is freed, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of Firefox browsers relates to the use of memory after it is freed during the processing of SVG images. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
libwebp: Heap buffer overflow in WebP Codec
A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this...
libwebp: Heap buffer overflow in WebP Codec
A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this...
libwebp: Heap buffer overflow in WebP Codec
A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this...
Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that...
CVE-2023-40032
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...
CVE-2023-40032
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...
Input validation
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...
UBUNTU-CVE-2023-40032
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...
CVE-2023-40032
CVE-2023-40032 (libvips) affects libvips versions 8.14.3 and earlier. A crafted SVG input can cause a segmentation fault when parsing a malformed UTF-8 character, leading to a potential denial of service through crash. The issue requires local access with low privileges and no user interaction, a...
CVE-2023-40032 Potential segfault due to NULL pointer dereference in libvips
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...
CVE-2023-40032
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...