Design/Logic Flaw

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5. Processing a maliciously crafted image may result in disclosure of process memory...

CVE-2023-23534

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5. Processing a maliciously crafted image may result in disclosure of process memory...

CVE-2023-23535

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.6, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process...

Information Disclosure

gatsby-plugin-sharp is vulnerable to Information Disclosure. The vulnerability is due to a path traversal when running the Gatsby development server because it exposes several image processing functions which allows an attacker to gain access to arbitrary files on the host...

CVE-2023-30548

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

CVE-2023-30548

The CVE-2023-30548 issue affects gatsby-plugin-sharp prior to versions 5.8.1 and 4.25.1, introducing a path traversal vulnerability when running the Gatsby develop server. By default, develop is bound to localhost, but if exposed (e.g., via --host 0.0.0.0, -H 0.0.0.0, or GATSBY_HOST=0.0.0.0), an ...

CVE-2023-30548 Path traversal vulnerability in gatsby-plugin-sharp

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

CVE-2023-30548 Path traversal vulnerability in gatsby-plugin-sharp

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

CVE-2023-30548 Path traversal vulnerability in gatsby-plugin-sharp

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

OpenImageIO Project OpenImageIO TGAInput::decode_pixel() out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2023-1708 OpenImageIO Project OpenImageIO TGAInput::decodepixel out-of-bounds read vulnerability March 30, 2023 CVE Number CVE-2023-22845 SUMMARY An out-of-bounds read vulnerability exists in the TGAInput::decodepixel functionality of OpenImageIO Project OpenImage...

OpenImageIO Project OpenImageIO FitsOutput::close() denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1709 OpenImageIO Project OpenImageIO FitsOutput::close denial of service vulnerability March 30, 2023 CVE Number CVE-2023-24472 SUMMARY A denial of service vulnerability exists in the FitsOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.7.1...

USN-5974-1: GraphicsMagick vulnerabilities

It was discovered that GraphicsMagick was not properly performing bounds checks when processing TGA image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted TGA image file, an attacker could possibly use this issue to...

PT-2023-21446 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3 Description: An out-of-bounds read was addressed with improved input validation. Processing an image may result in disclosure of process memory. Recommendations: For versions prior to 13.3, update to macOS Ventura...

About the security content of watchOS 9.4

About the security content of watchOS 9.4 This document describes the security content of watchOS 9.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

PT-2023-19017 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3 macOS Big Sur versions prior to 11.7.5 Description: The issue was addressed with improved checks. Processing a maliciously crafted image may result in disclosure of process memory. Recommendations: For macOS...

PT-2023-8409 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3 tvOS versions prior to 16.4 iOS versions prior to 16.4 iPadOS versions prior to 16.4 watchOS versions prior to 9.4 Description: The issue is related to an out-of-bounds read in memory, which may allow a remote...

PT-2023-21443 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3 Description: An out-of-bounds read was addressed with improved input validation. Processing an image may result in disclosure of process memory. Recommendations: For versions prior to 13.3, update to macOS Ventura...

PT-2023-21442 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3 Description: An out-of-bounds read was addressed with improved input validation. Processing an image may result in disclosure of process memory. Recommendations: For versions prior to 13.3, update to macOS Ventura...

PT-2023-4696 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3 Description: An out-of-bounds read issue was addressed with improved input validation. Processing an image may result in disclosure of process memory. This issue may allow an attacker to gain unauthorized access t...

PT-2023-21427 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3 tvOS versions prior to 16.4 iOS versions prior to 16.4 iPadOS versions prior to 16.4 watchOS versions prior to 9.4 Description: An out-of-bounds read issue was addressed with improved input validation. Processing ...