ImageMagick Studio ImageMagick 安全漏洞

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in versions prior to ImageMagick 7.0.8-68 that stems...

CVE-2020-27751

ImageMagick vulnerability CVE-2020-27751 affects MagickCore/quantum-export.c. Processing a crafted file can trigger undefined behavior: values outside the range of unsigned long long and a shift exponent too large for 64-bit, with the likely impact on availability. Affected are ImageMagick versio...

Imagemagick Studio ImageMagick Input Validation Error Vulnerability (CNVD-2020-70259)

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. An input validation error vulnerability exists in versions prior to ImageMagick...

CVE-2020-27776

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability,...

CVE-2020-27763

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause...

Mozilla: Variable time processing of cross-origin images during drawImage calls

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Debian DLA-2473-1 : vips security update

In VIPS, an image processing system, an uninitialized variable which may cause the leakage of remote server path or stack address was fixed. For Debian 9 stretch, this problem has been fixed in version 8.4.5-1+deb9u2. We recommend that you upgrade your vips packages. For the detailed security...

Debian: Security Advisory (DLA-2473-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libvips Information Disclosure Vulnerability

libvips is a demand-driven multi-threaded image processing library. libvips versions prior to 8.8.2 are vulnerable to an information disclosure. The vulnerability stems from imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips having uninitialized variables. An attacker could use this...

macOS 11.0.x < 11.0.1

The remote host is running a version of macOS / Mac OS X that is 11.0.x prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities, including the following: - An out-of-bounds write issue that can lead to unexpected application termination or arbitrary code execution when opening a...

PT-2020-16856 · Apple · Macos Catalina +7

Name of the Vulnerable Software and Affected Versions: macOS Big Sur versions prior to 11.1 macOS Catalina versions prior to Security Update 2020-001 macOS Mojave versions prior to Security Update 2020-007 macOS Big Sur version 11.0.1 iOS versions prior to 14.2 iPadOS versions prior to 14.2 watch...

CVE-2020-0452

In exifentrygetvalue of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for...

Multiple Apple Products Input Validation Error Vulnerability (CNVD-2020-61627)

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. apple tvOS is a smart TV operating system. tvOS is a smart TV operating system. tvOS is a smart TV operating system. tvOS is a smart TV operating system. tvOS is a smart TV operating...

About the security content of watchOS 7.1

About the security content of watchOS 7.1 This document describes the security content of watchOS 7.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

Google Android Pixel Neural Core Component Buffer Overflow Vulnerability

Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA in the U.S. Pixel Neural Core is one of the image processing components. A security vulnerability exists in the Pixel Neural Core component of Google Android. An attacker can exploit the...

Debian DLA-2421-1 : cimg security update

Several issues have been found in cimg, a powerful image processing library. CVE-2019-1010174 is related to a missing string sanitization on URLs, which might result in a command injection when loading a special crafted image. The other CVEs are about heap-based buffer over-reads or double frees...

Debian: Security Advisory (DLA-2421-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2421-1] cimg security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2421-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz October 30, 2020 https://wiki.debian.org/LTS -...

CVE-2020-3880

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to...

CVE-2020-9961

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution...