2241 matches found

CVE
added 2023/10/20 11:26 p.m. · 75 views

CVE-2023-45663

Summary (concrete details from connected docs): The vulnerability CVE-2023-45663 affects the single-file image library stb_image. The issue is in the stbi__getn function, which reads bytes into a buffer; in two loading paths (stbi__hdr_load and stbi__tga_load) the function’s return value is not c...

CVSS 5.5 · AI score 5.5 · EPSS 0.00657
Exploits: 0 · References: 7 · Affected Software: 1

Debian CVE
added 2023/10/20 11:26 p.m. · 23 views

CVE-2023-45663

stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not...

CVSS 5.5 · AI score 5.4 · EPSS 0.00657
Exploits: 0

Vulnrichment
added 2023/10/20 11:26 p.m. · 20 views

CVE-2023-45662 Multi-byte read heap buffer overflow in stbi__vertical_flip in stb_image

stb_image is a single file MIT licensed library for processing images. When stbi_set_flip_vertically_on_load is set to TRUE and req_comp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger memc...

CVSS 6.5 · AI score 7.7 · EPSS 0.00691
Exploits: 0 · References: 5

Cvelist
added 2023/10/20 11:26 p.m. · 16 views

CVE-2023-45662 Multi-byte read heap buffer overflow in stbi__vertical_flip in stb_image

stb_image is a single file MIT licensed library for processing images. When stbi_set_flip_vertically_on_load is set to TRUE and req_comp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger memc...

CVSS 6.5 · AI score 8.9 · EPSS 0.00691
Exploits: 0 · References: 5

OSV
added 2023/10/20 11:26 p.m. · 6 views

CVE-2023-45662 Multi-byte read heap buffer overflow in stbi__vertical_flip in stb_image

stb_image is a single file MIT licensed library for processing images. When stbi_set_flip_vertically_on_load is set to TRUE and req_comp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger memc...

CVSS 6.5 · AI score 6.9 · EPSS 0.00691
Exploits: 0 · References: 7

CVE
added 2023/10/20 11:26 p.m. · 65 views

CVE-2023-45662

CVE-2023-45662 affects stb_image (stb_image.h). When stbi_set_flip_vertically_on_load is TRUE and the requested component count (req_comp) doesn’t match the actual components per pixel, memcpy can perform an out-of-bounds read because bytes_per_pixel used to compute bytes_per_row may not reflect ...

CVSS 8.1 · AI score 6.8 · EPSS 0.00691
Exploits: 0 · References: 5 · Affected Software: 1

Debian CVE
added 2023/10/20 11:26 p.m. · 29 views

CVE-2023-45662

stb_image is a single file MIT licensed library for processing images. When stbi_set_flip_vertically_on_load is set to TRUE and req_comp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger memc...

CVSS 8.1 · AI score 7.9 · EPSS 0.00691
Exploits: 0

AlpineLinux
added 2023/10/20 11:26 p.m. · 17 views

CVE-2023-45662

stb_image is a single file MIT licensed library for processing images. When stbi_set_flip_vertically_on_load is set to TRUE and req_comp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger memc...

CVSS 8.1 · AI score 7.1 · EPSS 0.00691
Exploits: 0

OSV
added 2023/10/20 11:26 p.m. · 6 views

CVE-2023-45661 Wild address read in stbi__gif_load_next in stb_image

stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbi__gif_load_next. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...

CVSS 6.5 · AI score 6.6 · EPSS 0.00574
Exploits: 0 · References: 8

Cvelist
added 2023/10/20 11:26 p.m. · 21 views

CVE-2023-45661 Wild address read in stbi__gif_load_next in stb_image

stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbi__gif_load_next. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...

CVSS 6.5 · AI score 8.2 · EPSS 0.00574
Exploits: 0 · References: 6

Positive Technologies
added 2023/10/18 12:0 a.m. · 4 views

PT-2023-28743 · Xnsoft · Xnsoft Nconvert

Name of the Vulnerable Software and Affected Versions: XNSoft Nconvert version 7.136. Description: The issue is related to a Buffer Overflow, which can be triggered by a crafted image file, leading to a User Mode Write AV. This could result in a Denial of Service (DoS) or potentially allow code...

CVSS 7.8 · AI score 7.1 · EPSS 0.00624
Exploits: 1 · References: 8

BDU FSTEC
added 2023/10/17 12:0 a.m. · 3 views

The vulnerability of the DICOM Viewer Pro software in processing medical images allows a hacker to execute arbitrary code by writing outside the buffer.

The vulnerability of the DICOM Viewer Pro software for viewing and processing medical images is related to writing outside the buffer. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.5 · EPSS 0.00201
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2023/10/12 12:0 a.m. · 3 views

PT-2023-35526 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which is a type of memory corruption bug. The crash state indicates that the error occurs during the...

AI score 7.1
Exploits: 0 · References: 2

CNNVD
added 2023/09/25 12:0 a.m. · 1 views

Accusoft ImageGear Buffer Error Vulnerability

Accusoft ImageGear is a software development kit (SDK) for image processing from Accusoft Corporation. A buffer error vulnerability exists in Accusoft ImageGear version 20.1, which stems from a specially crafted, incorrectly formatted file that may result in memory corruption...

CVSS 9.8 · AI score 7 · EPSS 0.0075
Exploits: 1 · References: 3

BDU FSTEC
added 2023/09/21 12:0 a.m. · 2 views

The vulnerability of Firefox browsers, related to the use of memory after it is freed, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of Firefox browsers relates to the use of memory after it is freed during the processing of SVG images. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

CVSS 10 · AI score 7.6 · EPSS 0.0041
Exploits: 0 · References: 7 · Affected Software: 3

RedHat Linux
added 2023/09/20 4:46 p.m. · 5 views

libwebp: Heap buffer overflow in WebP Codec

A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this...

CVSS 8.8 · AI score 7.6 · EPSS 0.99739
Exploits: 9 · References: 8

RedHat Linux
added 2023/09/19 12:43 p.m. · 4 views

libwebp: Heap buffer overflow in WebP Codec

A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this...

CVSS 8.8 · AI score 7.6 · EPSS 0.99739
Exploits: 9 · References: 8

RedHat Linux
added 2023/09/18 1:48 p.m. · 4 views

libwebp: Heap buffer overflow in WebP Codec

A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this...

CVSS 8.8 · AI score 7.6 · EPSS 0.99739
Exploits: 9 · References: 8

The Hacker News
added 2023/09/12 5:15 a.m. · 141 views

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that...

CVSS 9.6 · AI score 9.6 · EPSS 0.99739
Exploits: 13

NVD
added 2023/09/11 7:15 p.m. · 16 views

CVE-2023-40032

libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...

CVSS 5.5 · AI score 5.5 · EPSS 0.00238
Exploits: 0 · References: 4