253 matches found
CVE-2021-46822
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the getwordrgbrow function in rdppm.c...
CVE-2021-46822
The CVE-2021-46822 entry affects libjpeg-turbo up to version 2.0.90. Root cause: heap-based buffer overflow in get_word_rgb_row (rdppm.c) when loading 16-bit binary PPM/PGM data via tjLoadImage. Impact: remote crash/denial of service as described; no exploit details provided in the documents. Aff...
CVE-2021-33581
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService...
CVE-2021-33581
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService...
Server side request forgery (ssrf)
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService...
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
...
USN-5081-1: Qt vulnerabilities
It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. CVE-2020-17507 It was discovered that Qt incorrectly handled...
USN-5081-1 qtbase-opensource-src vulnerabilities
It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. CVE-2020-17507 It was discovered that Qt incorrectly handled...
Huawei EulerOS: Security Advisory for gegl (EulerOS-SA-2021-2371)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : gegl (EulerOS-SA-2021-2371)
According to the version of the gegl package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in GEGL through 0.3.32. The geglbufferiteratereadsimple function in buffer/gegl-buffer-access.c allows remote attackers to cau...
The vulnerability of the qppmhandler.cpp component of the cross-platform development framework for Qt software, related to division by zero, allows attackers to trigger a service failure.
The vulnerability of the qppmhandler.cpp component of the cross-platform framework for developing Qt software is related to division by zero. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a distorted PPM image...
PT-2022-12933 · Unknown +7 · Libjpeg-Turbo +7
Name of the Vulnerable Software and Affected Versions: libjpeg-turbo versions 2.0.90 and earlier Description: The issue is related to a heap-based buffer overflow in the get word rgb row function in rdppm.c, which occurs when using tjLoadImage to load a 16-bit binary PPM file into a grayscale...
The vulnerability of the `start_input_ppm` function in the rdppm.c library used for image processing in libjpeg-turbo, related to reading beyond the buffer data’s allowable limits, allows attackers to gain access to confidential data and cause service failures.
The vulnerability of the startinputppm function in the rdppm.c library used for working with images in libjpeg-turbo is related to reading data beyond the buffer’s acceptable limits. Exploiting this vulnerability could allow a remote attacker to gain access to confidential data and also cause...
NewStart CGSL CORE 5.04 / MAIN 5.04 : qt Multiple Vulnerabilities (NS-SA-2020-0062)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has qt packages installed that are affected by multiple vulnerabilities: - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. CVE-2018-19872 - An issue was...
NewStart CGSL CORE 5.05 / MAIN 5.05 : qt Multiple Vulnerabilities (NS-SA-2020-0092)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt packages installed that are affected by multiple vulnerabilities: - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. CVE-2018-19872 - An issue was...
FreeBSD : libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function. (23a667c7-0b28-11eb-8834-00155d01f202)
libjpeg-turbo releases reports : This release fixes the following security issue : - Heap-based buffer over-read in getrgbrow in rdppm.c via a malformed PPM input file. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...
libjpeg-turbo: Information disclosure
Background libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library. Description It was discovered that libjpeg-turbo incorrectly handled certain PPM files. Impact A remote attacker could entice a user to open a specially crafted PPM file using an application linked against...
Debian DLA-2377-1 : qt4-x11 security update
Several vulnerabilities were fixed in qt4-x11, the legacy version of the Qt toolkit. CVE-2018-15518 Double-free or corruption in QXmlStreamReader during parsing of a specially crafted illegal XML document. CVE-2018-19869 A malformed SVG image causes a segmentation fault. CVE-2018-19870 A malforme...
Debian DLA-2376-1 : qtbase-opensource-src security update
Several vulnerabilities were fixed in the Qt toolkit. CVE-2018-19872 A malformed PPM image causes a crash. CVE-2020-17507 Buffer over-read in the XBM parser. For Debian 9 stretch, these problems have been fixed in version 5.7.1+dfsg-3+deb9u3. We recommend that you upgrade your qtbase-opensource-s...
[SECURITY] [DLA 2376-1] qtbase-opensource-src security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2376-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 21, 2020 https://wiki.debian.org/LTS -...