15 matches found
EUVD-2020-5819
Malware in sbrugna...
EUVD-2019-14671
Malware in sbrugna...
RHEL 9 : gdk-pixbuf2 (RHSA-2023:2216)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2216 advisory. The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by...
Moderate: Red Hat Security Advisory: gdk-pixbuf2 security update
An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
ALSA-2023:2216 Moderate: gdk-pixbuf2 security update
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fixes: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data CVE-2021-44648 gdk-pixbu...
CVE-2021-44648
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the LZW compressed stream of image data in GIF files with LZW minimum code size equal to 12...
Heap overflow
A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this...
CVE-2020-13572
CVE-2020-13572 describes a heap overflow in the GIF LZW decoder used by Accusoft ImageGear 19.8. The vulnerability occurs while decoding LZW streams in the GIF parser, where a destination index can overflow the allocated heap buffer, potentially allowing arbitrary code execution when processing s...
Remote Code Execution
Aspose.PDF is vulnerable to remote code execution. A use-after-free vulnerability exists in the way LZW-compressed streams are processed. An attacker is able to execute arbitrary code using a malicious PDF document...
CVE-2019-5066
An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document nee...
CVE-2019-5066
An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document nee...
Libnsgif 0.1.2 Stack Overflow / Out-Of-Bounds Read Exploit
Libnsgif version 0.1.2 suffers from stack overflow and out-of-bounds read vulnerabilities. Overview ======== Libnsgif1 is a decoding library for GIF images. It is primarily developed and used as part of the NetSurf project. As of version 0.1.2, libnsgif is vulnerable to a stack overflow...
[SECURITY] [DSA 2074-1] New ncompress packages fix execution of arbitrary code
Debian Security Advisory DSA-2074-1 http://www.debian.org/security/ Giuseppe Iuculano July 21, 2010 http://www.debian.org/security/faq -...
Debian DSA-1974-1 : gzip - several vulnerabilities
Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2624 Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic...
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : tiff vulnerability (USN-639-1)
Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could execute arbitrary code or cause an application linked against libtiff to crash, leading to a denia...