12 matches found
Cross-Site Scripting (Reflected XSS)
Leantime is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input validation and output encoding in the "overdue" section, allowing attackers to upload malicious image files containing XSS payloads...
GHSA-52XF-H226-PFGX Leantime allows Reflected Cross-Site Scripting (XSS)
Summary: The vulnerability in Leantime's "overdue" section allows attackers to upload malicious image files containing XSS payloads. When other users view these files, the scripts execute, enabling attackers to steal sensitive information or perform unauthorized actions. Improving input validation...
Use After Free
SixLabors.ImageSharp is vulnerable to Use After Free. The vulnerability is due to improper input validation within the JPEG and TGA decoders, which allows an attacker to craft malicious image files that could result in Information Disclosure during the conversion process...
CVE-2021-40162
A maliciously crafted TIF, PICT, TGA, or RLC file in the Autodesk Image Processing component may force a read beyond allocated boundaries when the TIFF, PICT, TGA, or RLC file is parsed. This vulnerability may be exploited to execute arbitrary code...
CVE-2022-1325
A flaw was found in CImg, where a maliciously crafted pandore or bmp file with modified dx and dy header field values can trick the application into allocating huge buffer sizes, such as 64 gigabytes, upon reading the file from disk or from a virtual buffer...
ROS-2-446
2.446 VLC vulnerability CVE-2019-19721, CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079 1. Vulnerability Description: The vulnerability allows a remote user to: - create a customized image file that can cause an out-of-bounds read, - send a specially...
GHSA-VPQ5-4RC8-C222 Denial of Service in canvas
Versions of canvas prior to 1.6.10 are vulnerable to Denial of Service. Processing malicious JPEGs or GIFs could crash the node process. Recommendation Upgrade to version 1.6.10...
Denial Of Service (DoS)
ImageMagick is vulnerable to denial of service (DoS) attacks. When attackers input malicious image files, it causes a NULL pointer dereference issue in the ReadCUTImage function in coders/cut.c...
ImageMagick (CVE-2016-3714) implementation process, vulnerability analysis, and solution - vulnerability warning - the black bar safety net
What is ImageMagick? ImageMagick is free software for creating, editing, and compositing pictures. It can read, convert, and write pictures in a variety of formats. Picture cut, color replacement, various effects application, image rotation, composition, text, line, polygon, ellipse, curve, attached to a picture ...
Critical vulnerabilities in ImageMagick
Multiple vulnerabilities in ImageMagick have been discovered, Remote Code Execution being one of them. For image manipulation TYPO3 CMS makes use of either one of the third party tools GraphicsMagick or ImageMagick. Recently it has been discovered, that ImageMagick exposes multiple vulnerabilitie...
HDWiKi V 5.0 local include vulnerability 0Day - vulnerability warning - the black bar safety net
Release date: 2011-01-23 Publishing author: HYrz Affected versions: HDWiKi V 5.0 Official website: http://kaiyuan.hudong.com Vulnerability type: file inclusion Vulnerability description: From the source code we can see there is indeed a problem, we just upload a picture Trojan and it can be norma...
DSA-547-1 imagemagick - buffer overflows
Bulletin has no description...