2241 matches found

Positive Technologies
added 2022/05/25 12:00 a.m. · 2 views

PT-2022-3459 · Pillow · Pillow

Name of the Vulnerable Software and Affected Versions: Pillow version 9.1.0 Description: The issue is related to a heap buffer overflow in the processing of invalid TGA image files. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected...

CVSS 10 · AI score 8 · EPSS 0.03399
Exploits 1 · References 29
Github Security Blog
added 2022/05/24 9:59 p.m. · 21 views

TYPO3 Image Processing susceptible to Code Execution

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary gs must be available on the...

CVSS 9.3 · AI score 8 · EPSS 0.03917
Exploits 0 · References 9 · Affected Software 2
OSV
added 2022/05/24 9:59 p.m. · 20 views

GHSA-3W4H-R27H-4R2W TYPO3 Image Processing susceptible to Code Execution

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary gs must be available on the...

CVSS 7.5 · AI score 6.2 · EPSS 0.03917
Exploits 0 · References 9
BDU FSTEC
added 2022/05/18 12:00 a.m. · 3 views

The vulnerability of the ImageProcessing software arises from the lack of measures taken to neutralize special elements used in the operating system’s command set, allowing attackers to execute shell commands.

The vulnerability of the ImageProcessing software exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute shell commands...

CVSS 10 · AI score 7.9 · EPSS 0.02595
Exploits 1 · References 4 · Affected Software 1
Mageia
added 2022/05/12 10:24 a.m. · 87 views

Updated python-pillow packages fix security vulnerability

pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE-2022-22816 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary...

CVSS 9.8 · AI score 5.3 · EPSS 0.03399
Exploits 0 · References 5
ATTACKERKB
added 2022/05/11 2:15 p.m. · 3 views

CVE-2022-29977

There is an assertion failure error in stbijpeghuffdecode, stbimage.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file...

CVSS 6.5 · AI score 6.6 · EPSS 0.0097
Exploits 1 · References 2
ATTACKERKB
added 2022/05/09 5:15 p.m. · 4 views

CVE-2022-27114

There is a vulnerability in htmldoc 1.9.16. In imageloadjpeg function image.cxx when it calls malloc, 'img-width' and 'img-height' they are large enough to cause an integer overflow. So, the malloc function may return a heap block smaller than the expected size, and it will cause a buffer...

CVSS 5.5 · AI score 6.2 · EPSS 0.00906
Exploits 1 · References 4
CNVD
added 2022/05/08 12:00 a.m. · 127 views

Adobe Photoshop Out-of-Bounds Read Vulnerability (CNVD-2022-50237)

Adobe Photoshop is a set of image processing software from the American company Adobe. The software is mainly used for processing pictures. An out-of-bounds read vulnerability exists in Adobe Photoshop. An attacker could exploit this vulnerability to cause a sensitive memory leak...

CVSS 4.3 · AI score 6.3 · EPSS 0.01424
Exploits 0 · References 1
OpenVAS
added 2022/05/08 12:00 a.m. · 11 views

Fedora: Security Advisory for zxing-cpp (FEDORA-2022-e22f1a8c17)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 · AI score 6.8 · EPSS 0.0201
Exploits 1 · References 2
CNVD
added 2022/05/06 12:00 a.m. · 11 views

ImageMagick Resource Management Error Vulnerability (CNVD-2022-38157)

ImageMagick is a set of open source image processing software. The software can read, convert or write images in a variety of formats. ImageMagick is vulnerable to security flaws, which attackers exploit by sending specially crafted DICOM image files to cause information leakage and denial of...

CVSS 7.1 · AI score 3.8 · EPSS 0.01101
Exploits 0 · References 1
CNVD
added 2022/04/25 12:00 a.m. · 14 views

Accusoft ImageGear heap buffer overflow vulnerability (CNVD-2022-35412)

Accusoft ImageGear is a software development kit SDK for image processing from Accusoft, USA. A security vulnerability exists in Accusoft ImageGear, which can be exploited by an attacker to pass specially crafted data to an application, trigger a heap buffer overflow, and execute arbitrary code o...

CVSS 9.8 · AI score 9 · EPSS 0.01451
Exploits 1 · References 1
CNVD
added 2022/04/25 12:00 a.m. · 13 views

Accusoft ImageGear out-of-bounds write vulnerability (CNVD-2022-35417)

Accusoft ImageGear is a software development kit SDK for image processing from Accusoft, USA. A security vulnerability exists in Accusoft ImageGear that originates from a boundary error when handling untrusted input in the TIFF YCbCr image parser function. An attacker can exploit the vulnerabilit...

CVSS 9.8 · AI score 8.9 · EPSS 0.01831
Exploits 1 · References 1
CNVD
added 2022/04/25 12:00 a.m. · 27 views

Accusoft ImageGear heap buffer overflow vulnerability (CNVD-2022-35415)

Accusoft ImageGear is a software development kit SDK for image processing from Accusoft, USA. A security vulnerability exists in Accusoft ImageGear, which can be exploited by an attacker to pass crafted data to an application, trigger a heap buffer overflow, and execute arbitrary code on the targ...

CVSS 9.8 · AI score 9 · EPSS 0.01037
Exploits 1 · References 1
CNVD
added 2022/04/25 12:00 a.m. · 18 views

Accusoft ImageGear heap buffer overflow vulnerability (CNVD-2022-35414)

Accusoft ImageGear is a software development kit SDK for image processing from Accusoft, USA. A security vulnerability exists in Accusoft ImageGear, which can be exploited by an attacker to pass crafted data to an application, trigger a heap buffer overflow, and execute arbitrary code on the targ...

CVSS 9.8 · AI score 9 · EPSS 0.01451
Exploits 1 · References 1
CNVD
added 2022/04/25 12:00 a.m. · 9 views

Accusoft ImageGear heap buffer overflow vulnerability (CNVD-2022-35411)

Accusoft ImageGear is a software development kit SDK for image processing from Accusoft, USA. A security vulnerability exists in Accusoft ImageGear, which can be exploited by an attacker to pass specially crafted data to an application, trigger a heap buffer overflow, and execute arbitrary code o...

CVSS 9.8 · AI score 7.8 · EPSS 0.01451
Exploits 1 · References 1
CNVD
added 2022/04/25 12:00 a.m. · 13 views

Accusoft ImageGear heap buffer overflow vulnerability (CNVD-2022-35416)

Accusoft ImageGear is a software development kit SDK for image processing from Accusoft, USA. A security vulnerability exists in Accusoft ImageGear, which can be exploited by an attacker to pass crafted data to an application, trigger a heap buffer overflow, and execute arbitrary code on the targ...

CVSS 9.8 · AI score 7.8 · EPSS 0.01037
Exploits 1 · References 1
CNVD
added 2022/04/15 12:00 a.m. · 22 views

Adobe Photoshop Out-of-Bounds Write Vulnerability (CNVD-2022-50239)

Adobe Photoshop is a set of image processing software from the American company Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from an out-of-bounds write vulnerability. An attacker can exploit this vulnerability to execute arbitrary code in the contex...

CVSS 9.3 · AI score 7.5 · EPSS 0.02133
Exploits 0 · References 1
CNVD
added 2022/04/15 12:00 a.m. · 16 views

Adobe Photoshop out-of-bounds write vulnerability (CNVD-2022-42165)

Adobe Photoshop is a set of image processing software from Adobe. Adobe Photoshop is vulnerable to an out-of-bounds write vulnerability. An attacker could exploit this vulnerability to execute arbitrary code in the context of the current user...

CVSS 9.3 · AI score 3.3 · EPSS 0.02133
Exploits 0 · References 1
CNVD
added 2022/04/15 12:00 a.m. · 12 views

Adobe Photoshop out-of-bounds write vulnerability (CNVD-2022-42167)

Adobe Photoshop is a set of image processing software from Adobe. Adobe Photoshop is vulnerable to an out-of-bounds write vulnerability. An attacker could exploit the vulnerability to execute arbitrary code in the context of the current user...

CVSS 9.3 · AI score 3.3 · EPSS 0.02133
Exploits 0 · References 1
CNVD
added 2022/04/15 12:00 a.m. · 13 views

Adobe Photoshop input validation error vulnerability

Adobe Photoshop is a set of image processing software from Adobe. Adobe Photoshop is vulnerable to an input validation error. An attacker could exploit the vulnerability to execute arbitrary code in the context of the current user...

CVSS 9.3 · AI score 3.5 · EPSS 0.0241
Exploits 0 · References 1