The vulnerability of the Image Processing Module in the BmpDecoderDxe framework used for creating UEFI patches in InsydeH2O allows a hacker to induce a system failure.

The vulnerability of the Image Processing Module in the InsydeH2O UEFI firmware development framework involves a buffer overflow when processing the PixelHeight and PixelWidth properties of images. Exploiting this vulnerability can allow an attacker to cause system failures...

CVE-2023-40238

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address duri...

Adobe Flash - ATF Processing Overflow

Adobe Flash - ATF Processing Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=786 The attached ATF file causes a heap overflow in ATF processing. To reproduce this issue, put LoadImage.swf and test.png on a remote server, and visit...