libtiff: out-of-bounds write in loadImage() function

Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service out-of-bounds write or execute arbitrary code via a crafted TIFF image with zero tiles...

Adobe Flash - JXR Processing Double-Free

Adobe Flash - JXR Processing Double-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=788 There is a heap overflow when loading the attacked JXR file in Adobe Flash. To reproduce, load the attached file using LoadImage.swf?img=12.atf. This issue can be a bit difficult to...

Silicon Graphics LibTiff tiffcrop Tool Denial of Service Vulnerability

Silicon Graphics LibTiff is a library for reading and writing TIFF Tagged Image File Format files from the U.S. Silicon Graphics. The library contains a number of command-line tools to deal with TIFF files. tiffcrop tool is a set of tools used to convert TIFF files . A security vulnerability exis...

WebGate Multiple Products WESPMonitor Stack Buffer Overflow (CVE-2015-2097)

A stack buffer overflow vulnerability exists in multiple products of WebGate. The vulnerability is due to insufficient boundary checks when processing parameters of methods LoadImage and LoadImageEx of the WESPMONITORLib.WESPMonitorCtrl ActiveX control. A remote attacker could exploit this...

WebGate eDVR Manager - Remote Stack Buffer Overflow

var arg1 = ""; nops = ""; var buff = ""; fori=0;i"+"Lengths: arg1="+arg1.length+" seh="+seh.length+""; fori=0;i200;i++ nops += "\x90"; sc = "\x54\x5d\xda\xc9\xd9\x75\xf4\x59\x49\x49\x49\x49\x49" + "\x43\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30" +...

Buffer overflow

Multiple buffer overflows in WebGate Embedded Standard Protocol WESP SDK allow remote attackers to execute arbitrary code via unspecified vectors to the 1 LoadImage or 2 LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, 3 ChangePassword function in the WESPCONFIGLib.UserItem...

Webgate Buffer Overflow

Webgate technology is focused on digital image processing, embedded system design and networking to produce embedded O/S and web server cameras providing real time images. We are also making superior network stand-alone DVRs by applying our accumulated network and video solution knowledge. WEBGAT...

Microsoft Windows LoadImage API Function Integer Overflow (CVE-2004-1049)

In terms of Microsoft Windows technology, a resource is binary data that can be added to the executable file of a Windows-based application. Graphical images such as icons, cursors and bitmaps are example of standard resources. Windows-based applications support loading and rendering of graphical...

Windows Cursor and Icon handling vulnerability

Added: 04/27/2006 CVE: CVE-2004-1049 BID: 12233 OSVDB: 12842 Background The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons. Problem An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted curso...

Windows Cursor and Icon handling vulnerability

Added: 04/27/2006 CVE: CVE-2004-1049 BID: 12233 OSVDB: 12842 Background The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons. Problem An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted curso...

Windows Cursor and Icon handling vulnerability

Added: 04/27/2006 CVE: CVE-2004-1049 BID: 12233 OSVDB: 12842 Background The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons. Problem An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted curso...

CVE-2004-1049

CVE-2004-1049 affects Microsoft Windows LoadImage API (cursor/icon handling). The vulnerability arises from an integer overflow when processing certain image resources (e.g., .ani, .ico, .cur, .bmp), which can lead to heap memory corruption and remote code execution if a user opens a crafted file...

CVE-2004-1049

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."...

Microsoft Windows LoadImage API vulnerable to integer overflow

Overview The Microsoft Windows LoadImage API routine is vulnerable to an integer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The LoadImage API routine is used to load an image from a file on Microsoft Windows platforms. The LoadImage API...

CVE-2004-1049

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."...

Windows LoadImage integer overflow

Integer overflow on bitmap size calculation...

Microsoft Windows LoadImage API Integer Buffer overflow

Security Advisory Advisory: ADLAB-04004Microsoft Windows LoadImage API Integer Buffer overflow Class: Boundary Condition Error DATE:12/20/2004 Remote: Yes Vulnerable: Windows NT Windows 2000 SP0 Windows 2000 SP1 Windows 2000 SP2 Windows 2000 SP3 Windows 2000 SP4 Windows XP SP0 Windows XP SP1...

Microsoft Windows LoadImage API Function Integer Overflow Vulnerability

Description Microsoft Windows is prone to a remote integer-overflow vulnerability because it fails to properly ensure that user-supplied input doesn't overflow integer values. Attackers may exploit this issue to cause data to be copied past the end of a memory buffer. This issue resides in the...