2179 matches found
USN-3693-1 jasper vulnerabilities
It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...
SUSE-SU-2018:1825-1 Security update for jpeg
This update for jpeg fixes the following issues: CVE-2017-15232: NULL pointer dereferences in jdpostct.c and jquant1.c could lead to denial of service (crash) when processing images (bsc#1062937). CVE-2018-11813: Fixed the end-of-file mishandling in readpixel in rdtarga.c, which allowed remote attacker...
Debian DLA-1395-1 : php-horde-image security update
It was discovered that there were two remote code execution vulnerabilities in php-horde-image, the image processing library for the Horde groupware tool: CVE-2017-9774: A remote code execution vulnerability (RCE) that was exploitable by a logged-in user sending a maliciously crafted HTTP GET...
CVE-2018-1152
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image...
ImageMagick Buffer Overflow Vulnerability (CNVD-2018-12313)
ImageMagick is a set of open source image processing software from ImageMagick Studio (United States). A security vulnerability exists in versions of ImageMagick prior to 6.9.4-4. A remote attacker could exploit this vulnerability to cause a denial of service (application crash)...
Basecamp: Remote code execution on Basecamp.com
A critical flaw in Basecamp's profile image upload function leads to remote command execution. Images are converted on the server side, but not only image files but also PostScript/EPS files are accepted if renamed to .gif. This is probably due to ImageMagick / GraphicsMagick being used for image...
CVE-2016-10652
prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10645
grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on...
DEBIAN-CVE-2018-11489
The DGifDecompressLine function in dgiflib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact...
ImageMagick Infinite Loop Vulnerability
ImageMagick is software for creating, editing, and compositing images that can read, convert, and write images in many formats. An infinite loop vulnerability exists in the ReadTXTImage function in coders/txt.c in ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22. An attacker can exploit this...
ImageMagick infinite loop vulnerability (CNVD-2018-12308)
ImageMagick is software for creating, editing, and compositing images that can read, convert, and write images in many formats. An infinite loop vulnerability exists in ReadMIFFImage in coders/miff.c in ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22. An attacker can exploit this vulnerability to cau...
[SECURITY] Fedora 28 Update: leptonica-1.76.0-1.fc28
The library supports many operations that are useful on document images and natural images. Fundamental image processing and image analysis operations: rasterop (aka bitblt); affine transforms (scaling, translation, rotation, shear) on images of arbitrary pixel depth; projective and bi-linear transforms; Bina...
UBUNTU-CVE-2018-10804
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c...
[SECURITY] Fedora 27 Update: opencv-3.2.0-15.fc27
OpenCV means Intel® Open Source Computer Vision Library. It is a collection of C functions and a few C++ classes that implement some popular Image Processing and Computer Vision algorithms...
[SECURITY] Fedora 26 Update: opencv-3.2.0-15.fc26
OpenCV means Intel® Open Source Computer Vision Library. It is a collection of C functions and a few C++ classes that implement some popular Image Processing and Computer Vision algorithms...
GEGL Denial of Service Vulnerability (CNVD-2018-08259)
GEGL is a data stream based image processing framework. The framework provides floating point processing and lossless image processing for projects such as the GNU Image Manipulation Program. A security vulnerability exists in GEGL 0.3.32 and earlier versions, which stems from the failure of the...
Denial of Service Vulnerability in Good Photo Image Processing Software for Processing BMP Images
Good Photo is a multi-platform professional-grade image processing software developed by Chengdu Hengtu Technology Co. A memory corruption vulnerability exists in the processing of BMP images by Good Photo image processing software. An attacker can cause the program to crash by constructing a...
CVE-2018-3861
Cisco Talos details CVE-2018-3861 as a memory corruption in Computerinsel Photoline 20.53 TIFF parsing. The TIFF tile/scan parsing code can compute an address from image data without proper validation, enabling an out-of-bounds write that overwrites data and can lead to code execution. The TALOS-...
CVE-2018-3889
Summary: CVE-2018-3889 is a memory-corruption vulnerability in Computerinsel Photoline 20.53 (OS X) within the PCX parsing path. A specially crafted PCX image can trigger an out-of-bounds write in the PCX handling (notably in color-map/decompression logic), overwriting data and potentially enabli...