Simple DirectMedia Layer SDL2_Image do_layer_surface code execution vulnerability

Summary An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp

An out-of-bounds read flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images...

[SECURITY] Fedora 28 Update: CImg-2.3.6-1.fc28

The CImg Library is an open-source C++ toolkit for image processing. It consists in a single header file 'CImg.h' providing a minimal set of C++ classes and methods that can be used in your own sources, to load/save, process and display images. Very portable, efficient and easy to use, it's a...

[SECURITY] Fedora 29 Update: CImg-2.3.6-1.fc29

The CImg Library is an open-source C++ toolkit for image processing. It consists in a single header file 'CImg.h' providing a minimal set of C++ classes and methods that can be used in your own sources, to load/save, process and display images. Very portable, efficient and easy to use, it's a...

[SECURITY] Fedora 27 Update: gmic-2.3.6-1.fc27

G'MIC is an open and full-featured framework for image processing, providing several different user interfaces to convert/manipulate/filter/visualize generic image datasets, from 1d scalar signals to 3d+t sequences of multi-spectral volumetric images...

[SECURITY] Fedora 27 Update: CImg-2.3.6-1.fc27

The CImg Library is an open-source C++ toolkit for image processing. It consists in a single header file 'CImg.h' providing a minimal set of C++ classes and methods that can be used in your own sources, to load/save, process and display images. Very portable, efficient and easy to use, it's a...

Socusoft Photo To Video Converter Handles BMP with Memory Corruption Vulnerability

Socusoft Photo To Video Converter is a free slideshow maker that converts a bunch of photos into one video file. Socusoft Photo To Video Converter handles BMP with a memory corruption vulnerability that can be exploited by attackers to cause the program to crash by constructing malformed BMP imag...

SUSE-SU-2018:2676-1 Security update for tiff

This update for tiff fixes the following issues: The following security vulnerabilities were addressed: - CVE-2015-8668: Fixed a heap-based buffer overflow in the PackBitsPreEncode function in tifpackbits.c in bmp2tiff, which allowed remote attackers to execute arbitrary code or cause a denial of...

UBUNTU-CVE-2018-16323

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the...

pixiv: RCE due to ImageTragick v2

Hello Pixiv team! Your Image processing process suffering from ImageTragick v2. Issue is caused by ghostscript RCE findnings. How to reproduce: PATCH /design Host: manage.booth.pm send following image: ------WebKitFormBoundaryXX05yrKS4g8d9CWh Content-Disposition: form-data; name="shopheader";...

ghostscript command execution vulnerability alerts-a vulnerability alert-the black bar safety net

8 on the 21st, Tavis Ormandy disclosed by the mail list hxxps://bugs. chromium. org/p/project-zero/issues/detail? id=1640, and again that ghostscript security sandbox can be bypassed by constructing a malicious image content, can cause the command execution. ghostscript is widely used, ImageMagic...

Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking

Google Project Zero's security researcher has discovered a critical remote code execution RCE vulnerability in Ghostscript—an open source interpreter for Adobe Systems' PostScript and PDF page description languages. Written entirely in C, Ghostscript is a package of software that runs on differen...

[SECURITY] [DSA 4276-1] php-horde-image security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4276-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 17, 2018 https://www.debian.org/security/faq -...

CVE-2016-9572

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image...

CVE-2016-9572

A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image...

CVE-2016-9572

CVE-2016-9572 : OpenJPEG 2.1.2 contains a NULL pointer dereference when decoding certain input images due to a logic error in the decoding path, which could cause an application crash. Public references describe this as a vulnerability in the OpenJPEG JPEG 2000 codec with multiple advisories noti...

Vulnerability Spotlight: Computerinsel Photoline Multiple Vulnerabilities

Vulnerabilities discovered by Tyler Bohan from Talos Overview Today, Cisco Talos is disclosing several vulnerabilities in Computerinsel Photoline. Photoline is an image-processing tool used to modify and edit images, as well as other graphic-related material. This product has a sizable user base...

Computerinsel Photoline PSD Blending Channel Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerabili...

Computerinsel Photoline ANI Parsing Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this...

[SECURITY] [DLA 1401-1] graphicsmagick security update

Package : graphicsmagick Version : 1.3.20-3+deb8u3 CVE ID : CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5241 CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449 CVE-2017-11636 CVE-2017-11643 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13134 CVE-2017-14314...