
127 matches found

OSV
added 2023/09/11 7:15 p.m. | views: 1

UBUNTU-CVE-2023-40032

libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...

CVSS 5.5 | AI score 6.8 | EPSS 0.00133
Exploits: 0 | References: 6

OSV
added 2023/06/17 11:5 a.m. | views: 2

OESA-2023-1350 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVSS 7.8 | AI score 7.4 | EPSS 0.00703
Exploits: 2 | References: 3

SUSE CVE
added 2023/06/16 1:16 a.m. | views: 1

SUSE CVE-2023-26965

loadImage in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image...

CVSS 7.1 | AI score 7 | EPSS 0.00009
Exploits: 1 | References: 7

NVD
added 2023/04/17 9:15 p.m. | views: 16

CVE-2023-30548

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server (gatsby develop). It...

CVSS 4.3 | AI score 4.4 | EPSS 0.00367
Exploits: 1 | References: 3

CVE
added 2023/04/17 8:43 p.m. | views: 44

CVE-2023-30548

The CVE-2023-30548 issue affects gatsby-plugin-sharp prior to versions 5.8.1 and 4.25.1, introducing a path traversal vulnerability when running the Gatsby develop server. By default, develop is bound to localhost, but if exposed (e.g., via --host 0.0.0.0, -H 0.0.0.0, or GATSBY_HOST=0.0.0.0), an ...

CVSS 4.3 | AI score 4.4 | EPSS 0.00367
Exploits: 1 | References: 3 | Affected Software: 1

SUSE CVE
added 2023/02/15 3:32 a.m. | views: 1

SUSE CVE-2022-2309

NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code...

CVSS 6.5 | AI score 5.8 | EPSS 0.01251
Exploits: 1 | References: 11

Talos
added 2022/12/22 12:0 a.m. | views: 36

OpenImageIO TIFF file IPTC data information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1631: OpenImageIO TIFF file IPTC data information disclosure vulnerability. December 22, 2022. CVE Number: CVE-2022-41649. SUMMARY: A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A...

CVSS 9.1 | AI score 8.4 | EPSS 0.00245
Exploits: 1

CNNVD
added 2022/08/16 12:0 a.m. | views: 2

SWFTools buffer error vulnerability

SWFTools is a set of utilities for working with Adobe Flash files (SWF files) from the individual developer Matthias Kramm. A security vulnerability exists in SWFTools that originates from a heap buffer overflow in DCTStream::reset in the /xpdf/Stream.cc file...

CVSS 5.5 | AI score 6 | EPSS 0.00049
Exploits: 1 | References: 2

OSV
added 2022/05/10 8:8 a.m. | views: 24

ALSA-2022:1932 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818). For more details about the security issues, including the impact, ...

CVSS 8.2 | AI score 7.7 | EPSS 0.05428
Exploits: 0 | References: 2

Rockylinux
added 2022/02/22 5:25 p.m. | views: 39

python-pillow security update

An update is available for python-pillow. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-pillow packages contain a Python image processing library th...

CVSS 9.8 | AI score 8.5 | EPSS 0.02781
Exploits: 0

Ubuntu
added 2022/02/08 9:57 a.m. | views: 33

USN-5143-1: Leptonica vulnerability

It was discovered that Leptonica incorrectly handled certain image files. An attacker could possibly use this issue to execute arbitrary code or cause other unspecified impact...

CVSS 9.8 | AI score 8.8 | EPSS 0.00394
Exploits: 0

OSV
added 2022/01/10 2:12 p.m. | views: 0

DEBIAN-CVE-2022-22815

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

CVSS 6.5 | AI score 6.7 | EPSS 0.00095
Exploits: 0 | References: 1

OSV
added 2021/11/09 8:26 a.m. | views: 18

ALSA-2021:4158 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957). For more details about the security issues, including the...

CVSS 6.1 | AI score 6.9 | EPSS 0.00518
Exploits: 1 | References: 1

OpenVAS
added 2021/09/22 12:0 a.m. | views: 12

Fedora: Security Advisory for python2-pillow (FEDORA-2021-9f020cf155)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 8.7 | EPSS 0.00226
Exploits: 1 | References: 2

CNVD
added 2021/05/10 12:0 a.m. | views: 3

Freeimage Parses Inventory in Integer Overflow Vulnerability

freeimage is a free, open source, cross-platform (Windows, Linux and Mac OS X) image processing library that supports more than 20 types of images such as BMP, JPEG, GIF, PNG, TIFF, etc. The Freeimage parsing library suffers from an integer overflow vulnerability, which can be exploited by...

AI score 7.3
Exploits: 0

Tenable Nessus
added 2021/04/01 12:0 a.m. | views: 24

Debian DLA-2612-1 : leptonlib security update

Several issues have been found by ClusterFuzz in leptonlib, an image processing library. All issues are related to heap-based buffer over-read in several functions or a denial of service (application crash) with crafted data. For Debian 9 stretch, these problems have been fixed in version...

CVSS 7.5 | AI score 7.4 | EPSS 0.04251
Exploits: 4 | References: 7

CNVD
added 2021/03/22 12:0 a.m. | views: 34

Pillow Buffer Overflow Vulnerability (CNVD-2021-54033)

Pillow is a Python-based image processing library. A buffer overflow vulnerability exists in versions of Pillow prior to 8.1.1, which stems from the presence of a negative offset memcpy with an invalid size in TiffDecode.c. No details of the vulnerability are currently available...

CVSS 7.5 | AI score 5.5 | EPSS 0.00261
Exploits: 0 | References: 1

OpenVAS
added 2021/03/15 12:0 a.m. | views: 24

Fedora: Security Advisory for python2-pillow (FEDORA-2021-0ece308612)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 8.2 | EPSS 0.00762
Exploits: 0 | References: 2

CNVD
added 2021/03/15 12:0 a.m. | views: 6

Leptonica heap buffer overflow vulnerability (CNVD-2021-19745)

Leptonica is an open source library containing software widely used in image processing and image analysis applications. A heap buffer overflow vulnerability exists in findNextBorderPixel in ccbord.c in versions of Leptonica prior to 1.80.0. No details of the vulnerability are provided at this ti...

CVSS 7.5 | AI score 7 | EPSS 0.00538
Exploits: 1 | References: 1

OSV
added 2020/08/12 6:15 p.m. | views: 0

UBUNTU-CVE-2020-17507

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read...

CVSS 5.3 | AI score 7 | EPSS 0.07128
Exploits: 0 | References: 8