Lucene search

2235 matches found

Prion
added 2023/06/23 6:15 p.m., 20 views

Buffer overflow

A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution...

4.4 CVSS, 8.2 AI score, 0.00057 EPSS
Exploits 0, References 7, Affected Software 5

Prion
added 2023/06/23 6:15 p.m., 17 views

Input validation

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory...

1.9 CVSS, 5.6 AI score, 0.00043 EPSS
Exploits 0, References 4, Affected Software 5

Cvelist
added 2023/06/23 12:0 a.m., 17 views

CVE-2023-32372

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory...

6.2 AI score, 0.00043 EPSS
Exploits 0, References 4

CVE
added 2023/06/23 12:0 a.m., 78 views

CVE-2023-32384

CVE-2023-32384 affects Apple operating systems including watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 15.7.6 and 16.5, and iPadOS 15.7.6 and 16.5. The issue is a buffer overflow triggered during image processing, with the root cause stated as improv...

7.8 CVSS, 8.3 AI score, 0.00057 EPSS
Exploits 0, References 7, Affected Software 5

CVE
added 2023/06/23 12:0 a.m., 66 views

CVE-2023-32372

CVE-2023-32372 is an Apple vulnerability: an out-of-bounds read in ImageIO was addressed by improved input validation. Affected software includes iOS 16.5 and iPadOS 16.5 (and related Apple OSes such as watchOS 9.5, tvOS 16.5, macOS Ventura 13.4). The root cause is an out-of-bounds read while pro...

5.5 CVSS, 4.5 AI score, 0.00043 EPSS
Exploits 0, References 4, Affected Software 5

OSV
added 2023/06/17 11:5 a.m., 3 views

OESA-2023-1350 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200), including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

7.8 CVSS, 7.4 AI score, 0.00679 EPSS
Exploits 2, References 3

SUSE CVE
added 2023/06/16 1:16 a.m., 1 views

SUSE CVE-2023-26965

loadImage in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image...

7.1 CVSS, 7 AI score, 0.00009 EPSS
Exploits 1, References 7

Redos
added 2023/06/15 12:0 a.m., 31 views

ROS-20230615-01

A vulnerability in the LibRaw image processing library is related to a heap buffer overflow in raw2imageex. Exploitation of the vulnerability could allow an attacker acting remotely to cause an application crash due to a maliciously crafted input file...

6.5 CVSS, 6.9 AI score, 0.0008 EPSS
Exploits 1

OSV
added 2023/06/10 11:5 a.m., 2 views

OESA-2023-1332 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200), including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

5.5 CVSS, 7.1 AI score, 0.00031 EPSS
Exploits 0, References 2

CNNVD
added 2023/05/30 12:0 a.m., 4 views

ImageMagick command injection vulnerability

ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert or write images in a variety of formats. A security vulnerability exists in ImageMagick, which stems from a shell command injection vulnerability...

7.8 CVSS, 7.2 AI score, 0.00679 EPSS
Exploits 1, References 6

OSV
added 2023/05/29 9:11 a.m., 6 views

USN-6110-1 Jhead vulnerabilities

It was discovered that Jhead did not properly handle certain crafted Canon images when processing them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS...

7.8 CVSS, 6.7 AI score, 0.00476 EPSS
Exploits 3, References 5

CNNVD
added 2023/05/18 12:0 a.m., 1 views

Security vulnerability in some Apple products

Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in some Apple products, which stems from processing images that may lead to arbitrary code execution. The following products and versions are affected: watchOS before 9.5, tvOS...

7.8 CVSS, 7.7 AI score, 0.00057 EPSS
Exploits 0, References 10

CNNVD
added 2023/05/18 12:0 a.m., 2 views

Apple macOS Ventura buffer error vulnerability

Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A buffer error vulnerability exists in Apple macOS Ventura version 13.4, which stems from the fact that processing an image may result in a process memory leak...

5.5 CVSS, 5.9 AI score, 0.00043 EPSS
Exploits 0, References 7

Apple
added 2023/05/18 12:0 a.m., 127 views

About the security content of iOS 15.7.6 and iPadOS 15.7.6

This document describes the security content of iOS 15.7.6 and iPadOS 15.7.6. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

9.8 CVSS, 9.4 AI score, 0.02861 EPSS
Exploits 1, References 1, Affected Software 2

RedHat Linux
added 2023/05/16 9:7 a.m., 3 views

ntfs-3g: crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value

A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap exhaustion when processing a crafted NTFS image file or partition...

7.8 CVSS, 7.1 AI score, 0.00029 EPSS
Exploits 0, References 5

Fedora
added 2023/05/11 1:53 a.m., 27 views

[SECURITY] Fedora 37 Update: vtk-9.1.0-18.fc37

VTK is an open-source software system for image processing, 3D graphics, volume rendering and visualization. VTK includes many advanced algorithms e.g., surface reconstruction, implicit modeling, decimation and rendering techniques e.g., hardware-accelerated volume rendering, LOD control. NOTE: T...

7.5 CVSS, 7.4 AI score, 0.00483 EPSS
Exploits 1

BDU FSTEC
added 2023/05/10 12:0 a.m., 1 views

The vulnerability of the Pillow image processing library, related to a resource management error, allows a perpetrator to execute a type of attack known as a “denial-of-service” attack.

The vulnerability of the Pillow image processing library is related to improper management of internal resources when working with highly compressed GIF data. Exploiting this vulnerability can allow a remote attacker to execute a “denial-of-service” attack using a specially created GIF file...

7.8 CVSS, 6.9 AI score, 0.00334 EPSS
Exploits 0, References 11, Affected Software 4

NVD
added 2023/05/08 8:15 p.m., 17 views

CVE-2023-23534

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5. Processing a maliciously crafted image may result in disclosure of process memory...

5.5 CVSS, 4.7 AI score, 0.00076 EPSS
Exploits 0, References 2

Prion
added 2023/05/08 8:15 p.m., 25 views

Design/Logic Flaw

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.6, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process...

1.9 CVSS, 5.7 AI score, 0.00072 EPSS
Exploits 0, References 7, Affected Software 5

Prion
added 2023/05/08 8:15 p.m., 21 views

Input validation

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory...

1.9 CVSS, 5.4 AI score, 0.00147 EPSS
Exploits 0, References 4, Affected Software 5