2179 matches found
CVE-2020-9936
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may...
PT-2020-4369 · Microsoft · Windows Codecs Library
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Codecs Library (affected versions not specified). Description: A remote code execution issue exists in the way Microsoft Windows Codecs Library handles objects in memory. This could allow an attacker to execute arbitrary code i...
OSV-2020-1867 Use-of-uninitialized-value in PerceptibleReciprocal
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26023 Crash type: Use-of-uninitialized-value Crash state: PerceptibleReciprocal CompositeImage loadlevel...
Heap Override Write Vulnerability in Light and Shadow Magic
Light Magic Hand is a graphic image processing software. A heap out-of-bounds write vulnerability exists in LightShadowMagician, which can be exploited by an attacker to cause a denial of service on the server...
PT-2020-20898 · Apple · Apple Macos +1
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.15.7; Security Update versions prior to 2020-005 for High Sierra and Mojave. Description: An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted image may lead to...
Heap Overflow Vulnerability in Light and Shadow Magic Hand of Shenzhen Xunlei.com Culture Limited (CNVD-2020-58817)
LightShadow Magic Hand is a software for improving and enhancing image quality and effect processing. Shenzhen Xunlei.com Culture Co., Ltd LightShadow Magic Hand has a heap overflow vulnerability that allows an attacker to construct a special picture to cause the software to crash, which can also...
Heap Overwrite Vulnerability in Light and Shadow Magic Hand of Shenzhen Xunlei.com Culture Limited (CNVD-2020-58812)
LightShadow Magic Hand is software for improving and enhancing image quality and effect processing. Shenzhen Xunlei.com Culture Co., Ltd LightShadow Magic Hand has a heap out-of-bounds write vulnerability; an attacker can construct a special picture to cause the software to crash, and ca...
Heap Overwrite Vulnerability in Light and Shadow Magic Hand of Shenzhen Xunlei.com Culture Limited (CNVD-2020-58819)
Light Magic Hand is software for improving and enhancing image quality and effect processing. Shenzhen Xunlei.com Culture Co., Ltd LightShadow Magic Hand has a heap out-of-bounds write vulnerability; an attacker can construct a special picture to cause the software to crash, and can also...
Heap Overwrite Vulnerability in Light and Shadow Magic Hand of Shenzhen Xunlei.com Culture Limited (CNVD-2020-58808)
LightShadow Magic Hand is software for improving and enhancing image quality and effect processing. Shenzhen Xunlei.com Culture Co., Ltd LightShadow Magic Hand has a heap out-of-bounds write vulnerability; an attacker can construct a special picture to cause the software to crash, and ca...
About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra - Apple Support
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
MGASA-2020-0337 Updated jasper packages fix security vulnerabilities
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image (CVE-2017-6851). Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified...
UBUNTU-CVE-2020-17507
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read...
CVE-2020-0247
In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-8.0...
PT-2020-20826 · Apple · Itunes For Windows +7
Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 13.6; Apple iPadOS versions prior to 13.6; Apple macOS Catalina versions prior to 10.15.6; Apple tvOS versions prior to 13.4.8; Apple watchOS versions prior to 6.2.8; Apple iTunes for Windows versions prior to 12.10.8...
About the security content of iTunes 12.10.8 for Windows
This document describes the security content of iTunes 12.10.8 for Windows. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
OSV-2020-1536 Segv on unknown address in GetValueFromLinkedList
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20923 Crash type: Segv on unknown address Crash state: GetValueFromLinkedList Magick::throwException Magick::Image::read...
Important: python-pillow security update
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fixes: python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in...
python-pillow security update
An update is available for python-pillow. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-pillow packages contain a Python image processing library th...
OSV-2020-1516 Use-of-uninitialized-value in ScaleQuantumToChar
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22583 Crash type: Use-of-uninitialized-value Crash state: ScaleQuantumToChar LosslessReduceDepthOK ReadOneMNGImage...
OSV-2020-1394 Index-out-of-bounds in LibRaw::ahd_interpolate_r_and_b_in_rgb_and_convert_to_cielab
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23605 Crash type: Index-out-of-bounds Crash state: LibRaw::ahd_interpolate_r_and_b_in_rgb_and_convert_to_cielab LibRaw::ahd_interpolate_r_and_b_and_convert_to_cielab LibRaw::ahd_interpolate...