36 matches found
PT-2021-18226 · Unknown · Matrix Media Repo
Name of the Vulnerable Software and Affected Versions: matrix-media-repo versions 1.2.6 and earlier Description: The issue arises from improper handling of malicious images that are small in file size but large in complexity. A malicious user can upload a small image using specific formats that...
CVE-2019-19775
The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users...
Open redirect
The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users...
CVE-2019-19775
CVE-2019-19775 concerns Zulip Server: the image thumbnailing handler in versions 1.9.0 through before 2.0.8 allowed an open redirect that was visible to logged-in users. The impact, as stated in sources, is an open redirect targeting arbitrary URLs, potentially aiding phishing or credential-reuse...
gstreamer-plugins-bad-free: Missing initialization of allocated heap memory leads to information leak
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas...
CVE-2017-2813
An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewing the...
Adobe Flash - ATF Thumbnailing Heap Overflow Exploit
Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1015 The attached file causes an overflow in heap thumbnailing. To reproduce, place both attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=thumb2.atf Proof o...
Adobe Flash - ATF Thumbnailing Heap Overflow
Adobe Flash - ATF Thumbnailing Heap Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1015 The attached file causes an overflow in heap thumbnailing. To reproduce, place both attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=thumb2.atf Proof of...
Adobe Flash: Heap overflow in ATF Thumbnailing (CVE-2017-2933)
The attached file causes an overflow in heap thumbnailing. To reproduce, place both attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=thumb2.atf Attachment: thumb2. atf LoadImage. swf...
Adobe Flash - ATF Thumbnailing Heap Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1015 The attached file causes an overflow in heap thumbnailing. To reproduce, place both attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=thumb2.atf Proof of Concept:...
CVE-2016-9446
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas...
UBUNTU-CVE-2016-9446
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas...
CVE-2016-9446
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas...
Fedora 20 : mediawiki-1.21.5-1.fc20 (2014-1745)
Update to 1.21.5 - bug 60339 CVE-2014-1610 SECURITY: Reported RCE in djvu thumbnailing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
Fedora 19 : mediawiki-1.21.5-1.fc19 (2014-1802)
Update to 1.21.5 - bug 60339 CVE-2014-1610 SECURITY: Reported RCE in djvu thumbnailing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
AZL-37047 CVE-2010-2642 affecting package t1lib 5.1.2-29
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted font in conjunctio...