
2179 matches found

ATTACKERKB
added 2022/03/18 6:15 p.m. | 3 views

CVE-2022-22611

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution...

7.8 CVSS | 7.4 AI score | 0.00568 EPSS
Exploits: 0 | References: 6
OSV
added 2022/03/18 6:15 p.m. | 2 views

CVE-2022-22611

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution...

7.8 CVSS | 7.3 AI score | 0.00568 EPSS
Exploits: 0 | References: 5
Prion
added 2022/03/18 6:15 p.m. | 18 views

Memory corruption

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption...

6.8 CVSS | 7.6 AI score | 0.00266 EPSS
Exploits: 0 | References: 4 | Affected Software: 4
RedhatCVE
added 2022/03/16 1:57 p.m. | 45 views

CVE-2022-21831

A flaw was found in the Active Storage module of Rails, where the transformation method or its arguments for imageprocessing are not trusted arbitrary input. This flaw allows an attacker to inject code in Rails. Mitigation To work around this issue, applications should implement a strict allow-li...

9.8 CVSS | 9.2 AI score | 0.0142 EPSS
Exploits: 0 | References: 4
CNNVD
added 2022/03/14 12:0 a.m. | 1 views

Apple iOS and Apple iPadOS Buffer Error Vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in ImageIO in Apple iOS 15.4 and iPadOS prior to 15.4, which originates from processing a...

7.8 CVSS | 7.2 AI score | 0.00285 EPSS
Exploits: 0 | References: 11
Snyk
added 2022/03/09 9:45 a.m. | 2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection where the transformation method or its arguments are untrusted arbitrary input. Note: This vulnerability impacts applications that use Active Storage with the imageprocessing processing in addition to the...

9.8 CVSS | 7.4 AI score | 0.0142 EPSS
Exploits: 0 | References: 2
RubySec
added 2022/03/08 12:0 a.m. | 75 views

Possible code injection vulnerability in Rails / Active Storage

There is a possible code injection vulnerability in the Active Storage module of Rails. This vulnerability has been assigned the CVE identifier CVE-2022-21831. Versions Affected: = 5.2.0 Not affected: params:v % Where the transformation method or its arguments are untrusted arbitrary input. All...

9.8 CVSS | 1.7 AI score | 0.0142 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Snyk
added 2022/03/02 12:16 p.m. | 1 views

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution due to the usage of the apply method also called by Active Storage variants to apply a series of operations that are coming from unsanitized user input. PoC ruby ImageProcessing::Vips.apply system: "echo...

10 CVSS | 7.2 AI score | 0.00875 EPSS
Exploits: 1 | References: 2
OSV
added 2022/03/01 11:15 p.m. | 1 views

DEBIAN-CVE-2022-24720

imageprocessing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

9.8 CVSS | 8.4 AI score | 0.00875 EPSS
Exploits: 1 | References: 1
UbuntuCve
added 2022/03/01 11:15 p.m. | 29 views

CVE-2022-24720

imageprocessing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

10 CVSS | 7.2 AI score | 0.00875 EPSS
Exploits: 1 | References: 5
Prion
added 2022/03/01 11:15 p.m. | 12 views

Design/Logic Flaw

imageprocessing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

10 CVSS | 9.4 AI score | 0.00875 EPSS
Exploits: 1 | References: 3 | Affected Software: 2
OSV
added 2022/03/01 11:15 p.m. | 1 views

UBUNTU-CVE-2022-24720

imageprocessing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

9.8 CVSS | 5.8 AI score | 0.00875 EPSS
Exploits: 1 | References: 6
Github Security Blog
added 2022/03/01 10:22 p.m. | 33 views

Remote shell execution vulnerability in image_processing

Impact When using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input, this allows the attacker to execute shell commands: rb ImageProcessing::Vips.apply system: "echo EXECUTED" EXECUTED This method is called internally by Active Stora...

10 CVSS | 2.2 AI score | 0.00875 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
Debian CVE
added 2022/03/01 12:0 a.m. | 41 views

CVE-2022-24720

imageprocessing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

10 CVSS | 9.5 AI score | 0.00875 EPSS
Exploits: 1
Positive Technologies
added 2022/03/01 12:0 a.m. | 2 views

PT-2022-2570

Name of the Vulnerable Software and Affected Versions image processing versions prior to 1.12.2 ruby-image-processing versions prior to 1.10.3-1+deb11u1 Description The image processing library, a wrapper for libvips and ImageMagick/GraphicsMagick, contains a flaw where unsanitized user input...

10 CVSS | 9.8 AI score | 0.00875 EPSS
Exploits: 1 | References: 27
OSV
added 2022/03/01 12:0 a.m. | 15 views

CVE-2022-24720 Improper Input Validation in image_processing

imageprocessing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

9.8 CVSS | 9.3 AI score | 0.00875 EPSS
Exploits: 1 | References: 5
CNNVD
added 2022/03/01 12:0 a.m. | 0 views

Image-Processing Security Vulnerability

Image-Processing is an image-processing code repository that uses C. A security vulnerability exists in Image-Processing versions prior to 1.12.2 that stems from the use of unprocessed user input in the apply method, which allows an attacker to execute system commands...

10 CVSS | 8.4 AI score | 0.00875 EPSS
Exploits: 1 | References: 8
Vulnrichment
added 2022/03/01 12:0 a.m. | 5 views

CVE-2022-24720 Improper Input Validation in image_processing

imageprocessing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

9.8 CVSS | 9.5 AI score | 0.00875 EPSS
Exploits: 1 | References: 3
CNVD
added 2022/02/28 12:0 a.m. | 11 views

Accusoft ImageGear Heap Buffer Overflow Vulnerability (CNVD-2022-35421)

Accusoft ImageGear is a software development kit SDK for image processing from Accusoft, U.S. Accusoft ImageGear suffers from a heap buffer overflow vulnerability, which can be exploited by attackers to build files that could result in a heap buffer overflow...

9.8 CVSS | 5.3 AI score | 0.0042 EPSS
Exploits: 1 | References: 1
CNVD
added 2022/02/28 12:0 a.m. | 13 views

Accusoft ImageGear Heap Buffer Overflow Vulnerability (CNVD-2022-35420)

Accusoft ImageGear is a software development kit SDK for image processing from Accusoft, U.S. Accusoft ImageGear suffers from a heap buffer overflow vulnerability, which can be exploited by attackers to build files that could result in a heap buffer overflow...

9.8 CVSS | 5.3 AI score | 0.0042 EPSS
Exploits: 1 | References: 1