Lucene search
K

161 matches found

Positive Technologies
Positive Technologies
added 2022/05/25 12:0 a.m.3 views

PT-2022-3459 · Pillow · Pillow

Name of the Vulnerable Software and Affected Versions: Pillow version 9.1.0 Description: The issue is related to a heap buffer overflow in the processing of invalid TGA image files. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected...

10CVSS8AI score0.03399EPSS
Exploits1References29
OSV
OSV
added 2022/05/24 5:0 p.m.17 views

GHSA-CJW4-2W9R-R8MV Missing Initialization of Resource in Apache Arrow

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...

8.7CVSS5.8AI score0.04711EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2021/11/09 5:42 p.m.3 views

python-pillow: Buffer over-read in SGI RLE image reader

A flaw was found in python-pillow. SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...

5.8CVSS7.4AI score0.01573EPSS
Exploits0References5
OSV
OSV
added 2021/10/21 7:15 p.m.2 views

DEBIAN-CVE-2021-42715

An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stbimage by submitting crafted HDR files...

5.5CVSS6.1AI score0.01213EPSS
Exploits0References1
OSV
OSV
added 2021/10/21 7:15 p.m.2 views

UBUNTU-CVE-2021-42715

An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stbimage by submitting crafted HDR files...

5.5CVSS7.1AI score0.01213EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/10/07 12:0 a.m.4 views

PT-2021-7979 · Unknown +3 · Stb Image.H +3

Name of the Vulnerable Software and Affected Versions: stb image.h versions 1.33 through 2.27 Description: The issue is related to the HDR loader in stb image.h, which parses truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. This could allow a remote attacker to cau...

8.8CVSS5.9AI score0.02069EPSS
Exploits6References77
OSV
OSV
added 2021/09/28 4:15 p.m.2 views

CVE-2021-29363

A buffer overflow vulnerability in FORMATS!ReadRASW+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74...

7.8CVSS7.6AI score
Exploits0References1
OSV
OSV
added 2021/09/28 4:15 p.m.4 views

CVE-2021-29362

A buffer overflow vulnerability in FORMATS!ReadRASW+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file...

7.8CVSS6.3AI score0.00969EPSS
Exploits0References1
OSV
OSV
added 2021/09/28 4:15 p.m.5 views

CVE-2021-29360

A buffer overflow vulnerability in FORMATS!ReadUtahRLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file...

7.8CVSS6.3AI score0.00969EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/28 12:0 a.m.6 views

IrfanView 缓冲区错误漏洞

IrfanView is an image viewer that supports image browsing, image editing, image format conversion, etc. Irfanview is vulnerable to a buffer error that can be exploited by attackers to execute arbitrary code via a crafted RLE file...

7.8CVSS8.2AI score0.00969EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/09/28 12:0 a.m.8 views

IrfanView 缓冲区错误漏洞

IrfanView is an image viewer that supports image browsing, image editing, image format conversion, etc. Irfanview suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted RLE files...

7.8CVSS8.2AI score0.00969EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/09/28 12:0 a.m.4 views

IrfanView 缓冲区错误漏洞

IrfanView is an image viewer that supports image browsing, image editing, image format conversion, etc. Irfanview suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted RLE files...

7.8CVSS8.2AI score0.00969EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/09/28 12:0 a.m.5 views

IrfanView 缓冲区错误漏洞

IrfanView is an image viewer that supports image browsing, image editing, image format conversion, etc. Irfanview suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted RLE files...

7.8CVSS8.2AI score0.00969EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2021/09/08 11:6 a.m.113 views

USN-5063-1: HAProxy vulnerabilities

Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate content-length header and perform request smuggling attacks...

7.5CVSS7.8AI score0.57934EPSS
Exploits5
BDU FSTEC
BDU FSTEC
added 2021/03/09 12:0 a.m.5 views

Vulnerability of the pcx_write_rle() function (contrib/japanese/gdev10v.c) in the software suite for processing, transforming, and generating Ghostscript documents, allowing a hacker to trigger a service failure

The vulnerability of the pcxwriterle function contrib/japanese/gdev10v.c in the software suite for processing, transforming, and generating Ghostscript documents is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service failures...

5.3CVSS6.8AI score0.02252EPSS
Exploits1References14Affected Software3
OSV
OSV
added 2021/01/12 9:15 a.m.1 views

DEBIAN-CVE-2020-35655

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...

5.4CVSS6.1AI score0.01573EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/01/11 12:0 a.m.6 views

Pillow 缓冲区错误漏洞

Gentoo is an open source Linux system from the Gentoo Foundation. Gentoo Linux prior to version 8.1.0 suffers from a buffer overflow vulnerability that stems from improper handling of system offsets and length tables, where SGIRleDecode has a 4-byte buffer overflow when decoding a carefully craft...

5.8CVSS6.8AI score0.01573EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2020/12/22 12:0 a.m.2 views

The vulnerability of the Pillow image processing library, related to writing data beyond the buffer boundary in memory during the conversion from SGI images to RLE format, allows a hacker to trigger a service denial.

The vulnerability of the Pillow image processing library is related to the writing of data beyond the buffer boundary in memory during the conversion of SGI images to RLE format. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

10CVSS6.7AI score0.04212EPSS
Exploits0References7Affected Software5
OSV
OSV
added 2020/06/25 7:15 p.m.3 views

UBUNTU-CVE-2020-11538

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311...

8.1CVSS6.7AI score0.02514EPSS
Exploits0References7
OSV
OSV
added 2020/04/14 11:15 p.m.1 views

DEBIAN-CVE-2020-11760

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp...

5.5CVSS6.7AI score0.01807EPSS
Exploits1References1
Rows per page
Query Builder