161 matches found
PT-2022-3459 · Pillow · Pillow
Name of the Vulnerable Software and Affected Versions: Pillow version 9.1.0 Description: The issue is related to a heap buffer overflow in the processing of invalid TGA image files. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected...
GHSA-CJW4-2W9R-R8MV Missing Initialization of Resource in Apache Arrow
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
python-pillow: Buffer over-read in SGI RLE image reader
A flaw was found in python-pillow. SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...
DEBIAN-CVE-2021-42715
An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stbimage by submitting crafted HDR files...
UBUNTU-CVE-2021-42715
An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stbimage by submitting crafted HDR files...
PT-2021-7979 · Unknown +3 · Stb Image.H +3
Name of the Vulnerable Software and Affected Versions: stb image.h versions 1.33 through 2.27 Description: The issue is related to the HDR loader in stb image.h, which parses truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. This could allow a remote attacker to cau...
CVE-2021-29363
A buffer overflow vulnerability in FORMATS!ReadRASW+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74...
CVE-2021-29362
A buffer overflow vulnerability in FORMATS!ReadRASW+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file...
CVE-2021-29360
A buffer overflow vulnerability in FORMATS!ReadUtahRLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file...
IrfanView 缓冲区错误漏洞
IrfanView is an image viewer that supports image browsing, image editing, image format conversion, etc. Irfanview is vulnerable to a buffer error that can be exploited by attackers to execute arbitrary code via a crafted RLE file...
IrfanView 缓冲区错误漏洞
IrfanView is an image viewer that supports image browsing, image editing, image format conversion, etc. Irfanview suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted RLE files...
IrfanView 缓冲区错误漏洞
IrfanView is an image viewer that supports image browsing, image editing, image format conversion, etc. Irfanview suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted RLE files...
IrfanView 缓冲区错误漏洞
IrfanView is an image viewer that supports image browsing, image editing, image format conversion, etc. Irfanview suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted RLE files...
USN-5063-1: HAProxy vulnerabilities
Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate content-length header and perform request smuggling attacks...
Vulnerability of the pcx_write_rle() function (contrib/japanese/gdev10v.c) in the software suite for processing, transforming, and generating Ghostscript documents, allowing a hacker to trigger a service failure
The vulnerability of the pcxwriterle function contrib/japanese/gdev10v.c in the software suite for processing, transforming, and generating Ghostscript documents is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service failures...
DEBIAN-CVE-2020-35655
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...
Pillow 缓冲区错误漏洞
Gentoo is an open source Linux system from the Gentoo Foundation. Gentoo Linux prior to version 8.1.0 suffers from a buffer overflow vulnerability that stems from improper handling of system offsets and length tables, where SGIRleDecode has a 4-byte buffer overflow when decoding a carefully craft...
The vulnerability of the Pillow image processing library, related to writing data beyond the buffer boundary in memory during the conversion from SGI images to RLE format, allows a hacker to trigger a service denial.
The vulnerability of the Pillow image processing library is related to the writing of data beyond the buffer boundary in memory during the conversion of SGI images to RLE format. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
UBUNTU-CVE-2020-11538
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311...
DEBIAN-CVE-2020-11760
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp...