Pillow Out-of-Bounds Read Vulnerability (CNVD-2021-21942)

Pillow is a Python based image processing library. An out-of-bounds read vulnerability exists in the libImaging/PcxDecode.c file in Pillow versions prior to 7.1.0. No details of the vulnerability are provided at this time...

exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp

Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service heap-based buffer overflow via a crafted image file...

Fedora: Security Advisory for python-pillow (FEDORA-2020-5cdbb19cca)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

USN-4199-1 libvpx vulnerabilities

It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

Memory corruption

nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function...

CVE-2019-1010258

CVE-2019-1010258 affects the nanosvg library. A buffer overflow in nsvg__parseColorRGB (src/nanosvg.h: line 1227) can cause memory corruption and DoS; impact includes HIGH availability (per CVSS3) with NETWORK attack vector and potential network-distributed SVG input. The vulnerability is trigger...

USN-3947-1: Libxslt vulnerability

It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information...

USN-3693-1 jasper vulnerabilities

It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...

UBUNTU-CVE-2018-10804

ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c...

[SECURITY] [DLA 1302-1] leptonlib security update

Package : leptonlib Version : 1.69-3.1+deb7u2 CVE ID : CVE-2018-7186 CVE-2018-7440 Debian Bug : 890548 891932 Different flaws have been found in leptonlib, an image processing library. CVE-2018-7186 Leptonica did not limit the number of characters in a %s format argument to fscanf or sscanf, that...

Cimg heap buffer out-of-bounds read vulnerability (CNVD-2018-05449)

CImg is an open source C++ tool library for image processing . A heap buffer out-of-bounds read vulnerability exists in the 'loadbmp' function of the CImg.h file in CImg version 220. No detailed vulnerability details are provided at this time...

Cimg 'load_bmp' function heap buffer out-of-bounds read vulnerability (CNVD-2018-05451)

CImg is an open source C++ tool library for image processing . A heap buffer out-of-bounds read vulnerability exists in the 'loadbmp' function of the CImg.h file in CImg version 220. No detailed vulnerability details are provided at this time...

UBUNTU-CVE-2017-15277

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data...

SoundTouch 1.9.2 - Multiple Vulnerabilities

Exploit for linux platform in category dos / poc SoundTouch multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= SoundTouch is an open-source audio processing library for changing the Tempo, Pitch and Playback Rates of audio streams or audio files...

UBUNTU-CVE-2017-9141

In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c...

Microsoft Windows 'libjpeg' Information Disclosure Vulnerability (KB4014794)

This host is missing an important security update according to Microsoft KB4014794. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

ImageWorsener 'iwgif_record_pixel()' function remote heap buffer overflow vulnerability

ImageWorsener is a cross-platform command line utility and library for image scaling and other image processing. It has full support for PNG, JPEG, and BMP formats, experimental support for WebP, read-only support for GIF, and limited support for some other image formats. A remote heap buffer...

Google Chrome FFmpeg Heap Overflow Code Execution Vulnerability (CNVD-2017-02110)

Google Chrome is a popular web browser. Google Chrome handles a heap overflow code execution vulnerability in FFPMEG, which allows remote attackers to exploit the vulnerability to construct a malicious WEB page and trick users into parsing it, which can crash the application or execute arbitrary...

PHP LibGD Stack Buffer Overflow Vulnerability

libGD is an open source library for dynamically creating images , it supports the creation of charts, graphs and thumbnails and so on. PHP LibGD suffers from a stack buffer overflow vulnerability that allows remote attackers to submit special requests and conduct denial of service attacks...

Python Pillow and PIL 'PcdDecode.c' Local Buffer Overflow Vulnerability

PIL Python Image Library is a Python image processing library developed by Swiss software developer Fredrik Lundh. Python Pillow is a compiled version of PIL with some bug fixes developed by American software developer Alex Clark. A local buffer overflow vulnerability exists in Python Pillow...