Amazon Linux 2 : python-pillow (ALAS-2020-1412)

The version of python-pillow installed on the remote host is prior to 2.0.0-20.gitd1c6db8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1412 advisory. A flaw was discovered in the way the python-pillow may allocate a large amount of memory or require a lo...

The vulnerability of the unpacked_load_raw() function in the LibRaw image processing library allows a attacker to cause a service failure.

The vulnerability of the unpackedloadraw function in dcrawcommon.cpp in the LibRaw image processing library is related to type conversion errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

EulerOS Virtualization 3.0.2.2 : python-pillow (EulerOS-SA-2020-1473)

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the 'crafted image file'...

Debian DLA-2173-1 : graphicsmagick security update

A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap overflow in 32-bit applications because of a signed overflow on range check in the HuffmanDecodeImage function. For Debian 8 'Jessie', this problem has been fixed in version...

Arbitrary Code Execution

cairo is vulnerable to arbitrary code execution. The vulnerability exists if an application linked against Cairo processes a malicious PNG image, it is possible to execute arbitrary code as the user running the application...

MGASA-2020-0163 Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive da...

CVE-2020-6822

The Mozilla Foundation Security Advisory describes this flaw as: On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code...

CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...

UBUNTU-CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...

Mozilla Firefox < 75.0

The version of Firefox installed on the remote Windows host is prior to 75.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-12 advisory. - Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some...

CVE-2018-5801

A NULL pointer dereference flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images...

PT-2020-6981 · Libraw +3 · Libraw +3

Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to an out-of-bounds read vulnerability within the get huffman diff function in the librawsrcx3fx3f utils patched.cpp component of the LibRaw library for image processing...

CVE-2018-5800

A heap-based out-of-bounds access flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images...

Multiple Apple Products Image Processing Component Resource Management Error Vulnerability

Apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for smart TVs. apple iPadOS is an operating system for iPad tablets. image Processing is one of the image processing Image Processing is one of the image processing components. A resource management...

python security update

CentOS Errata and Security Advisory CESA-2020:0898 An update for python-imaging is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Debian DLA-2152-1 : graphicsmagick security update

A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that allows allows an attacker to read arbitrary files via a crafted image because of TranslateTextEx for SVG. For Debian 8 'Jessie', this problem has been fixed in version 1.3.20-3+deb8u9. We recommend that...

Debian: Security Advisory (DLA-2152-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2152-1] graphicsmagick security update

Package : graphicsmagick Version : 1.3.20-3+deb8u9 CVE ID : CVE-2019-12921 A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that allows allows an attacker to read arbitrary files via a crafted image because of TranslateTextEx for SVG. For Debian 8 "Jessie"...

Adobe Photoshop Buffer Overflow Vulnerability (CNVD-2020-17967)

Adobe Photoshop, or "PS" for short, is an image processing software developed and distributed by Adobe. A buffer overflow vulnerability exists in Adobe Photoshop. An attacker could exploit this vulnerability to execute arbitrary code...

Accusoft ImageGear Buffer Overflow Vulnerability (CNVD-2020-16507)

Accusoft ImageGear is a software development kit SDK for image processing from Accusoft, USA. A buffer overflow vulnerability exists in the JPEG raster image parser igcore19d.dll in Accusoft ImageGear version 19.5.0. A remote attacker could exploit this vulnerability to execute code...