171 matches found
SUSE CVE-2024-9029
A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the readiptcprofile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library,...
UBUNTU-CVE-2024-28568
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service DoS via the readiptcprofile function when reading images in TIFF format...
FreeImage Security Vulnerability
FreeImage is a cross-platform open source library for supporting popular graphic image formats. A security vulnerability exists in FreeImage version v.3.19.0, which stems from a buffer overflow vulnerability. A local attacker can exploit this vulnerability to cause a Denial of Service DoS via the...
PT-2024-22470 · Freeimage +1 · Freeimage +1
Name of the Vulnerable Software and Affected Versions: FreeImage version 3.19.0 r1909 Description: A Buffer Overflow issue allows a local attacker to cause a denial of service DoS via the read iptc profile function when reading images in TIFF format. Recommendations: For FreeImage version 3.19.0...
Out-of-bounds Write
libexiv2.so is vulnerable to Out-of-bounds Write. The vulnerability exists because of an integer overflow in the brotliUncompress function within bmffimage.cpp. This flaw enables an attacker to manipulate and potentially read, write, delete, or modify image metadata such as Exif, IPTC, XMP, and I...
USN-6098-1: Jhead vulnerabilities
It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. CVE-2019-19035 It was discovered that Jhead did not properly...
SUSE CVE-2017-16353
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile...
SUSE CVE-2017-17724
In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file...
SUSE CVE-2018-9305
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case...
SUSE CVE-2018-16750
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found...
SUSE CVE-2018-19107
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp called from psdimage.cpp in the PSD image reader may suffer from a denial of service heap-based buffer over-read caused by an integer overflow via a crafted PSD image file...
SUSE CVE-2019-1010302
jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 showIPTC. The attack vector is: the victim must open a specially crafted JPEG file...
SUSE CVE-2020-18773
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service DOS via a crafted tif file...
SUSE CVE-2021-37622
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacke...
SUSE CVE-2022-41649
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger...
SUSE CVE-2022-41988
An information disclosure vulnerability exists in the OpenImageIO::decodeiptciim functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-41649
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger...
CVE-2022-41649
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger...
OpenImageIO Heap Out-of-Bounds Read Vulnerability (CNVD-2023-01796)
OpenImageIO is an image read and write library that also provides several tools and applications. OpenImageIO v2.3.19.0 suffers from a heap out-of-bounds read vulnerability when processing IPTC data. An attacker could exploit this vulnerability to read heap memory via specially crafted TIFF files...
DEBIAN-CVE-2022-41988
An information disclosure vulnerability exists in the OpenImageIO::decodeiptciim functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability...