2179 matches found
[SECURITY] [DLA 2236-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.20-3+deb8u11 CVE ID : CVE-2020-12672 Debian Bug : 960000 A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap buffer overwrite when magnifying MNG images. For Debian 8 "Jessie", this problem has bee...
Mail.ru: ICQ Android APP remote DoS
Memory corruption issue on GIF image processing leads to ICQ for Android application crash with potential for code execution. before testing and reporting DoS conditions please check @mailru rules and scope description to avoid signal/reputation loss, not every DoS report is accepted...
Pillow Temporary file name leakage
The 1 JpegImagePlugin.py and 2 EpsImagePlugin.py scripts in Python Image Library PIL 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes...
Accusoft ImageGear TIFF fill_in_raster buffer copy operation code execution vulnerability
Summary An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a...
Fedora 30 : php-horde-horde (2020-fd8761fd13)
horde 5.2.22 - jan SECURITY: Protect image processing service from rendering active SVG content within the browser. - jan SECURITY: Fix XSS vulnerabilities in administration interface. - jan Support Redis Sentinel configuration Michael Menge , Request 14998. - jan Use file hashing for detecting...
exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service heap-based buffer overflow via a crafted image file...
SRC-2020-0017 : Foxit Reader Heap Buffer Overflow Remote Code Execution vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
CVE-2020-6822
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
DEBIAN-CVE-2020-6822
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
Out-of-bounds
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
CVE-2020-6822
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
CVE-2020-6822
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
Amazon Linux 2 : python-pillow (ALAS-2020-1412)
The version of python-pillow installed on the remote host is prior to 2.0.0-20.gitd1c6db8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1412 advisory. A flaw was discovered in the way the python-pillow may allocate a large amount of memory or require a lo...
EulerOS Virtualization 3.0.2.2 : python-pillow (EulerOS-SA-2020-1473)
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the 'crafted image file'...
Debian DLA-2173-1 : graphicsmagick security update
A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap overflow in 32-bit applications because of a signed overflow on range check in the HuffmanDecodeImage function. For Debian 8 'Jessie', this problem has been fixed in version...
Arbitrary Code Execution
cairo is vulnerable to arbitrary code execution. The vulnerability exists if an application linked against Cairo processes a malicious PNG image, it is possible to execute arbitrary code as the user running the application...
MGASA-2020-0163 Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive da...
CVE-2020-6822
The Mozilla Foundation Security Advisory describes this flaw as: On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code...
CVE-2020-6822
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.7.0, Firefox ESR 68.7, and Firefox 75...
Mozilla Firefox < 75.0
The version of Firefox installed on the remote Windows host is prior to 75.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-12 advisory. - Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some...