2178 matches found
Mozilla: Use-after-free with imgRequestProxy and image processing (MFSA 2014-08)
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data...
Use-after-free with imgRequestProxy and image processing — Mozilla
Security researcher Arthur Gerkis, via TippingPoint's Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash...
VIPS: Privilege Escalation
Background: VIPS is a free image processing system. Description: VIPS places a zero-length directory name in the LD_LIBRARY_PATH, which might result in the current working directory (.) being included when searching for dynamically linked libraries. Impact: A local attacker could gain escalated privileg...
Mozilla Thunderbird < 24.2 Multiple Vulnerabilities
Binary data 8071.prm...
Thunderbird < 24.2 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird is earlier than 24.2 and is, therefore, potentially affected by the following vulnerabilities: - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution (CVE-2013-5609, CVE-2013-5610). - Two use-after-free...
Firefox ESR 24.x < 24.2 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox ESR 24.x is earlier than 24.2 and is, therefore, potentially affected by the following vulnerabilities: - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution (CVE-2013-5609, CVE-2013-5610). - Two...
Firefox ESR 24.x < 24.2 Multiple Vulnerabilities
The installed version of Firefox ESR 24.x is earlier than 24.2, and is, therefore, potentially affected by the following vulnerabilities: - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution (CVE-2013-5609, CVE-2013-5610). - Two...
Firefox < 26.0 Multiple Vulnerabilities
The installed version of Firefox is earlier than 26.0 and is, therefore, potentially affected by the following vulnerabilities: - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution (CVE-2013-5609, CVE-2013-5610). - An issue exists where t...
JPEG information leak — Mozilla
Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft...
GraphicsMagick: Multiple vulnerabilities
Background: GraphicsMagick is the Swiss army knife of image processing. Description: Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to open a specially-crafted image file,...
[SECURITY] Fedora 18 Update: GraphicsMagick-1.3.18-2.fc18
GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software...
OpenJDK: image processing vulnerability (2D, 8007617)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...
XnView PCT File Processing Buffer Overflow (CVE-2013-2577)
A buffer overflow vulnerability exists in XnView. The vulnerability is due to a boundary error in processing image data in certain PCT files. An attacker can exploit this vulnerability by enticing a user to open a maliciously crafted file. A successful attack can lead to arbitrary code execution ...
DSA-2754-1 exactimage - denial of service
Bulletin has no description...
[SECURITY] [DSA 2754-1] exactimage security update
Debian Security Advisory DSA-2754-1, http://www.debian.org/security/, Raphael Geissert, September 10, 2013, http://www.debian.org/security/faq ...
Debian Security Advisory DSA 2754-1 (exactimage - denial of service)
It was discovered that exactimage, a fast image processing library, does not correctly handle error conditions of the embedded copy of dcraw. This could result in a crash or other behaviour in an application using the library due to an uninitialized variable being passed to longjmp. This is a...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-204)
Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-2470, CVE-2013-2471,...
Debian Security Advisory DSA 2748-1 (exactimage - denial of service)
Several denial-of-service vulnerabilities were discovered in the dcraw code base, a program for processing raw format images from digital cameras. This update corrects them in the copy that is embedded in the exactimage package. OpenVAS Vulnerability Test $Id: deb2748.nasl 6611 2017-07-07 12:07:20...