Lucene search
K

253 matches found

Cvelist
Cvelist
added 2022/06/18 3:27 p.m.20 views

CVE-2021-46822

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the getwordrgbrow function in rdppm.c...

6.2AI score0.01009EPSS
Exploits0References2
CVE
CVE
added 2022/06/18 3:27 p.m.117 views

CVE-2021-46822

The CVE-2021-46822 entry affects libjpeg-turbo up to version 2.0.90. Root cause: heap-based buffer overflow in get_word_rgb_row (rdppm.c) when loading 16-bit binary PPM/PGM data via tjLoadImage. Impact: remote crash/denial of service as described; no exploit details provided in the documents. Aff...

5.5CVSS5.8AI score0.01009EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/03/30 10:15 p.m.32 views

CVE-2021-33581

MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService...

7.2CVSS0.01234EPSS
Exploits0References2
OSV
OSV
added 2022/03/30 10:15 p.m.4 views

CVE-2021-33581

MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService...

7.2CVSS5.9AI score0.01234EPSS
Exploits0References2
Prion
Prion
added 2022/03/30 10:15 p.m.17 views

Server side request forgery (ssrf)

MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService...

6.5CVSS6.9AI score0.01234EPSS
Exploits0References2Affected Software1
Microsoft CVE
Microsoft CVE
added 2021/12/16 8:0 a.m.5 views

Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

...

7.8CVSS7.8AI score0.02906EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/09/16 4:34 p.m.123 views

USN-5081-1: Qt vulnerabilities

It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. CVE-2020-17507 It was discovered that Qt incorrectly handled...

7.5CVSS7AI score0.03915EPSS
Exploits0
OSV
OSV
added 2021/09/16 4:34 p.m.14 views

USN-5081-1 qtbase-opensource-src vulnerabilities

It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. CVE-2020-17507 It was discovered that Qt incorrectly handled...

7.5CVSS6.8AI score0.03915EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/09/15 12:0 a.m.10 views

Huawei EulerOS: Security Advisory for gegl (EulerOS-SA-2021-2371)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.9AI score0.01928EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/09/14 12:0 a.m.19 views

EulerOS 2.0 SP2 : gegl (EulerOS-SA-2021-2371)

According to the version of the gegl package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in GEGL through 0.3.32. The geglbufferiteratereadsimple function in buffer/gegl-buffer-access.c allows remote attackers to cau...

8.8CVSS6.9AI score0.01928EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2021/07/07 12:0 a.m.6 views

The vulnerability of the qppmhandler.cpp component of the cross-platform development framework for Qt software, related to division by zero, allows attackers to trigger a service failure.

The vulnerability of the qppmhandler.cpp component of the cross-platform framework for developing Qt software is related to division by zero. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a distorted PPM image...

6.5CVSS6.5AI score0.01384EPSS
Exploits1References10Affected Software3
Positive Technologies
Positive Technologies
added 2021/04/26 12:0 a.m.6 views

PT-2022-12933 · Unknown +7 · Libjpeg-Turbo +7

Name of the Vulnerable Software and Affected Versions: libjpeg-turbo versions 2.0.90 and earlier Description: The issue is related to a heap-based buffer overflow in the get word rgb row function in rdppm.c, which occurs when using tjLoadImage to load a 16-bit binary PPM file into a grayscale...

8.8CVSS7.1AI score0.03162EPSS
Exploits1References43
BDU FSTEC
BDU FSTEC
added 2021/03/15 12:0 a.m.6 views

The vulnerability of the `start_input_ppm` function in the rdppm.c library used for image processing in libjpeg-turbo, related to reading beyond the buffer data’s allowable limits, allows attackers to gain access to confidential data and cause service failures.

The vulnerability of the startinputppm function in the rdppm.c library used for working with images in libjpeg-turbo is related to reading data beyond the buffer’s acceptable limits. Exploiting this vulnerability could allow a remote attacker to gain access to confidential data and also cause...

8.1CVSS6.7AI score0.03178EPSS
Exploits1References16Affected Software8
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.48 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : qt Multiple Vulnerabilities (NS-SA-2020-0062)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has qt packages installed that are affected by multiple vulnerabilities: - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. CVE-2018-19872 - An issue was...

9.8CVSS7AI score0.03382EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.261 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : qt Multiple Vulnerabilities (NS-SA-2020-0092)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt packages installed that are affected by multiple vulnerabilities: - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. CVE-2018-19872 - An issue was...

9.8CVSS7AI score0.03382EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2020/11/17 12:0 a.m.18 views

FreeBSD : libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function. (23a667c7-0b28-11eb-8834-00155d01f202)

libjpeg-turbo releases reports : This release fixes the following security issue : - Heap-based buffer over-read in getrgbrow in rdppm.c via a malformed PPM input file. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...

8.1CVSS6.9AI score0.03178EPSS
Exploits1References2
Gentoo Linux
Gentoo Linux
added 2020/10/20 12:0 a.m.48 views

libjpeg-turbo: Information disclosure

Background libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library. Description It was discovered that libjpeg-turbo incorrectly handled certain PPM files. Impact A remote attacker could entice a user to open a specially crafted PPM file using an application linked against...

8.1CVSS2.9AI score0.03178EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/09/29 12:0 a.m.258 views

Debian DLA-2377-1 : qt4-x11 security update

Several vulnerabilities were fixed in qt4-x11, the legacy version of the Qt toolkit. CVE-2018-15518 Double-free or corruption in QXmlStreamReader during parsing of a specially crafted illegal XML document. CVE-2018-19869 A malformed SVG image causes a segmentation fault. CVE-2018-19870 A malforme...

9.8CVSS6.8AI score0.03915EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2020/09/29 12:0 a.m.38 views

Debian DLA-2376-1 : qtbase-opensource-src security update

Several vulnerabilities were fixed in the Qt toolkit. CVE-2018-19872 A malformed PPM image causes a crash. CVE-2020-17507 Buffer over-read in the XBM parser. For Debian 9 stretch, these problems have been fixed in version 5.7.1+dfsg-3+deb9u3. We recommend that you upgrade your qtbase-opensource-s...

5.5CVSS6.5AI score0.03915EPSS
Exploits1References5
Debian
Debian
added 2020/09/28 7:0 a.m.63 views

[SECURITY] [DLA 2376-1] qtbase-opensource-src security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2376-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 21, 2020 https://wiki.debian.org/LTS -...

5.5CVSS6.7AI score0.03915EPSS
Exploits1
Rows per page
Query Builder