Lucene search
+L

36 matches found

Positive Technologies
Positive Technologies
added 2021/04/19 12:0 a.m.4 views

PT-2021-18226 · Unknown · Matrix Media Repo

Name of the Vulnerable Software and Affected Versions: matrix-media-repo versions 1.2.6 and earlier Description: The issue arises from improper handling of malicious images that are small in file size but large in complexity. A malicious user can upload a small image using specific formats that...

6.5CVSS6.3AI score0.01002EPSS
Exploits0References5
OSV
OSV
added 2019/12/18 4:15 a.m.9 views

CVE-2019-19775

The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users...

6.1CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2019/12/18 4:15 a.m.15 views

Open redirect

The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users...

5.8CVSS6.2AI score0.00865EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/12/18 3:27 a.m.88 views

CVE-2019-19775

CVE-2019-19775 concerns Zulip Server: the image thumbnailing handler in versions 1.9.0 through before 2.0.8 allowed an open redirect that was visible to logged-in users. The impact, as stated in sources, is an open redirect targeting arbitrary URLs, potentially aiding phishing or credential-reuse...

6.1CVSS6.1AI score0.00865EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2017/08/01 3:34 p.m.3 views

gstreamer-plugins-bad-free: Missing initialization of allocated heap memory leads to information leak

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas...

7.5CVSS5.9AI score0.03569EPSS
Exploits0References5
NVD
NVD
added 2017/06/21 7:29 p.m.22 views

CVE-2017-2813

An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewing the...

8.8CVSS9AI score0.01722EPSS
Exploits1References2
0day.today
0day.today
added 2017/03/15 12:0 a.m.71 views

Adobe Flash - ATF Thumbnailing Heap Overflow Exploit

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1015 The attached file causes an overflow in heap thumbnailing. To reproduce, place both attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=thumb2.atf Proof o...

10CVSS8.7AI score0.2991EPSS
Exploits3
exploitpack
exploitpack
added 2017/03/15 12:0 a.m.20 views

Adobe Flash - ATF Thumbnailing Heap Overflow

Adobe Flash - ATF Thumbnailing Heap Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1015 The attached file causes an overflow in heap thumbnailing. To reproduce, place both attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=thumb2.atf Proof of...

0.8AI score
Exploits0
seebug.org
seebug.org
added 2017/03/15 12:0 a.m.41 views

Adobe Flash: Heap overflow in ATF Thumbnailing (CVE-2017-2933)

The attached file causes an overflow in heap thumbnailing. To reproduce, place both attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=thumb2.atf Attachment: thumb2. atf LoadImage. swf...

10CVSS8.8AI score0.2991EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/03/15 12:0 a.m.36 views

Adobe Flash - ATF Thumbnailing Heap Overflow

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1015 The attached file causes an overflow in heap thumbnailing. To reproduce, place both attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=thumb2.atf Proof of Concept:...

7.4AI score
Exploits0
OSV
OSV
added 2017/01/23 9:59 p.m.30 views

CVE-2016-9446

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas...

7.5CVSS6.7AI score
Exploits0References9
OSV
OSV
added 2017/01/23 9:59 p.m.4 views

UBUNTU-CVE-2016-9446

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas...

7.5CVSS6.7AI score0.03569EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2016/11/21 2:17 p.m.36 views

CVE-2016-9446

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas...

7.5CVSS4.9AI score0.03569EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/02/07 12:0 a.m.88 views

Fedora 20 : mediawiki-1.21.5-1.fc20 (2014-1745)

Update to 1.21.5 - bug 60339 CVE-2014-1610 SECURITY: Reported RCE in djvu thumbnailing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

6CVSS8.5AI score0.42777EPSS
Exploits12References3
Tenable Nessus
Tenable Nessus
added 2014/02/07 12:0 a.m.30 views

Fedora 19 : mediawiki-1.21.5-1.fc19 (2014-1802)

Update to 1.21.5 - bug 60339 CVE-2014-1610 SECURITY: Reported RCE in djvu thumbnailing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

6CVSS8.5AI score0.42777EPSS
Exploits12References3
OSV
OSV
added 2011/01/07 7:0 p.m.12 views

AZL-37047 CVE-2010-2642 affecting package t1lib 5.1.2-29

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted font in conjunctio...

7.6CVSS6.2AI score0.1427EPSS
Exploits0References1
Rows per page
Query Builder