Remote Code Execution (RCE)

Typo3/Cms is vulnerable to remote code execution. Improper configuration of the applications used for image processing allows an attacker to execute arbitrary code on the server by uploading a malicious image file containing PostScript code...

TYPO3 Multiple Vulnerabilities (TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013)

TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if description...

Remote code execution

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick...

Possible Arbitrary Code Execution in Image Processing

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-012...

Possible Arbitrary Code Execution in Image Processing

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-012...

Possible Arbitrary Code Execution in Image Processing

Image processing, e.g. for generating thumbnails, is actually delegated to ImageMagick or GraphicsMagick for the low-level processing. Whenever ImageMagick is invoked in order to convert data the mime-type of the source is identified for invoking according coders when reading data. In case an...

Fedora Update for leptonica FEDORA-2018-4db33b3753

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Memory Corruption

OpenJDK 7 Java Runtime Environment and OpenJDK 7 Software Development Kit is vulnerable to memory corruption. It is due to an insufficient "validation of images" in share/native/sun/awt/image/awtImageRep.c, possibly involving offsets, causing 2D component to not properly process certain images...

ImageMagick heap buffer overflow vulnerability (CNVD-2019-14255)

ImageMagick Studio ImageMagick is a suite of open-source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. ImageMagick Studio A heap buffer overflow vulnerability exists in the 'WriteTIFFImage' function ...

CVE-2019-6601

In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager AAM wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts...

Design/Logic Flaw

In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager AAM wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts...

CVE-2019-6601

In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager AAM wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts...

SQL VSS writer fails for SQL localdb on Azure AD Connect Sync server.

Challenge Backup or replication jobs with Application Aware Image-Processing enabled may fail on the server hosting Azure AD Connect Sync with an error indicating the SQL writer has failed. After the job has failed, running "Vssadmin list writers" from an administrative command prompt on the Azur...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : GD vulnerabilities (USN-3900-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3900-1 advisory. It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with ...

USN-3900-1: GD vulnerabilities

It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code...

PYSEC-2019-248

An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service Segmentation fault or possibly have unspecified other impact...

AdvanceCOMP Invalid Memory Access Vulnerability

AdvanceCOMP is a set of cross-platform command-line data compression tools. An invalid memory access vulnerability exists in the advpngunfilter8 function in png.c in AdvanceCOMP 2.1. An attacker can exploit this vulnerability to cause a denial of service segmentation error or possibly other impac...

TAU Threat Intelligence Notification: Spear Phishing Targeting Italy

Summary This campaign is targeting users in Italy with spear phishing email containing malicious attachments. Figure 1: Emails with the malicious XLS attachment The image above show one of the sample has attached in multiple email that has been sent to email address with Italy ccTLD. The attached...

Out-of-bounds

An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and...

CVE-2018-3973

An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and...