2178 matches found
[SECURITY] Fedora 26 Update: vips-8.5.8-2.fc26
VIPS is an image processing library. It is good for very large images, even ones larger than the amount of RAM in your machine, and for working with color. This package should be installed if you want to use a program compiled against VIPS...
Artifex MuPDF JBIG2 Parser Code Execution Vulnerability (CVE-2016-8729)
Summary: An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the...
ImageMagick ReadMATImage Function Denial of Service Vulnerability
ImageMagick is software for creating, editing, and compositing images that can read, convert, and write images in many formats. A denial of service vulnerability exists in the ReadMATImage function in coders/mat.c in ImageMagick, which can be exploited by an attacker to cause a denial of servic...
ImageMagick memory leak vulnerability (CNVD-2017-25389)
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A memory leak vulnerability exists in the WriteMSLImage of the coders/msl.c file in ImageMagick version 7.0.6-2. An...
Gdk-Pixbuf JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability
Summary: An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted JPEG file can cause a heap overflow resulting in remote code execution. An attacker can send a file or URL to trigger this vulnerability. Tested...
CVE-2017-12920
CVE-2017-12920 affects libfpx version 1.3.1_p6; the vulnerability is a denial of service caused by a NULL pointer dereference in CDirectory::GetDirEntry in dir.cxx when parsing a crafted FlashPIX (fpx) image. The connected sources describe a remote trigger via a crafted image; no exploitation sta...
ImageMagick memory leak vulnerability (CNVD-2017-25053)
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. A memory leak vulnerability exists in the 'ReadMATImage' function of the ImageMagick coders/mat.c file, which allows remote attackers to exploit the vulnerability to construct malicious fil...
GraphicsMagick buffer overflow vulnerability (CNVD-2017-237216)
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A buffer overflow vulnerability exists in the 'GetStyleTokens' function in coders/svg.c:314:12 in GraphicsMagick version 1.3.26. An attacker can exploit this...
CVE-2017-12864
In opencv/modules/imgcodecs/src/grfmtpxm.cpp, the function ReadNumber did not check the input length, which leads to an integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier...
CVE-2017-12428
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c...
Debian DLA-1055-1 : libgd2 security update
Matviy Kotoniy reported that the gdImageCreateFromGifCtx function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a...
CVE-2017-11269
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format EMF image stream data. Successful exploitatio...
Wolf in sheep's clothing: how the Windows icon display vulnerability is used to disguise a PE file - vulnerability warning - the black bar safety net
1. Foreword: A vulnerability exists in the icon display function of the Windows system. By exploiting this vulnerability, an attacker can automatically "borrow" other commonly used icons from the local host and use these icons to camouflage a PE file, thereby tempting the user to click on such a...
ImageMagick Denial of Service Vulnerability (CNVD-2017-21004)
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A denial of service vulnerability exists in the 'DestroyImage' function of the MagickCore/image.c file in ImageMagick...
CVE-2017-12597
OpenCV Open Source Computer Vision Library (
CVE-2017-12605
OpenCV Open Source Computer Vision Library (up to 3.3) contains an out-of-bounds write in FillColorRow8 (utils.cpp) when reading images via cv::imread, as identified in CVE-2017-12605. Connected sources confirm the affected component and function, and multiple advisories surface the risk across d...
CVE-2017-12604
OpenCV CVE-2017-12604 affects OpenCV up to version 3.3, where an out-of-bounds write occurs in FillUniColor (utils.cpp) when reading an image via cv::imread. The vulnerability is tied to memory write behavior and is documented across multiple advisories; Debian LTS notes patches in 2.4.9.1+dfsg1-...
CVE-2017-12606
OpenCV (Open Source Computer Vision Library) up to version 3.3 is affected by CVE-2017-12606 due to an out-of-bounds write in FillColorRow4 in utils.cpp when reading an image with cv::imread. The described impact is memory corruption, with exploitation status not provided in the supplied document...
USN-3363-2: ImageMagick regression
USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick...
GraphicsMagick buffer overflow vulnerability (CNVD-2017-19974)
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A buffer overflow vulnerability exists in the 'WriteCMYKImage' function in the coders/cmyk.c file in GraphicsMagick version 1.3.26. An attacker can exploit...