CVE-2019-16865
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image...
Debian DLA-1934-1 : cimg security update
Several issues have been found in cimg, a powerful image processing library. CVE-2019-1010174 is related to a missing string sanitization on URLs, which might result in a command injection when loading a specially crafted image. The other CVEs are about heap-based buffer over-reads or double frees...
[SECURITY] [DLA 1934-1] cimg security update
Package: cimg
Version: 1.5.9+dfsg-1+deb8u1
CVE ID: CVE-2018-7588 CVE-2018-7589 CVE-2018-7637 CVE-2018-7638 CVE-2018-7639 CVE-2018-7640 CVE-2018-7641 CVE-2019-1010174
Several issues have been found in cimg, a powerful image processing library. CVE-2019-1010174 is related to a missing string...
CVE-2019-16887
In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc...
Pillow -- Allocation of resources without limits or throttling
Mitre reports: An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image...
CVE-2019-16710
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c...
Multiple integer overflow vulnerabilities in LINE(Android)
Overview: LINE(Android) provided by LINE Corporation contains multiple integer overflow vulnerabilities (CWE-190) listed below. Integer overflow vulnerability in processing images using apng-drawable - CVE-2019-6007; integer overflow vulnerability in processing images - CVE-2019-6010. LINE Corporation...
JVN#97845465: Multiple integer overflow vulnerabilities in LINE(Android)
LINE(Android) provided by LINE Corporation contains multiple integer overflow vulnerabilities (CWE-190) listed below. Integer overflow vulnerability in processing images using apng-drawable - CVE-2019-6007

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | Base...
ImageMagick Buffer Overflow Vulnerability (CNVD-2019-40999)
ImageMagick is a suite of open source image processing software. The software can read, convert or write images in a variety of formats. A buffer overflow vulnerability exists in WriteTIFFImage in the coders/tiff.c file in ImageMagick version 7.0.8-43 Q16. An attacker can exploit this vulnerabili...
Debian DLA-1888-1 : imagemagick security update
Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-12974: NULL pointer dereference in ReadPANGOImage and ReadVIDImage (coders/pango.c and coders/vid.c). This vulnerability might be leveraged by remote attackers to cause denial of service via crafted image...
DjVuLibre bitmap reader component resource management error vulnerability
DjVuLibre is an open source implementation of the DjVu computer file format, which includes a DjVu file viewer, browser plug-ins, a DjVu file decoder/encoder and other utilities. The bitmap reader is one of the bitmap viewer components. A resource management error vulnerability exists in the bitmap reader...
CVE-2019-11042
When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information...
SDL_image PCX Image Code execution Vulnerability
Summary: An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
About the security content of tvOS 12.4
This document describes the security content of tvOS 12.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of watchOS 5.3
This document describes the security content of watchOS 5.3. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of iOS 12.4
This document describes the security content of iOS 12.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...
CVE-2019-13960
In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the...
GHSA-R7J3-VVH2-XRPJ OS Command Injection in MiniMagick
In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...
CVE-2019-13574
In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...
ImageMagick Resource Management Error Vulnerability (CNVD-2019-29434)
ImageMagick is a set of open source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. A security vulnerability exists in ImageMagick Studio ImageMagick version 7.0.8-50 Q16. An attacker could exploit thi...