28 matches found
Astra Linux - vulnerability in exempi
A buffer overflow vulnerability exists in WEBPSupport.cpp in exempi 2.5.0 and earlier, allowing remote attackers to cause a denial of service by opening crafted webp files...
TencentOS Server 3: exempi (TSSA-2024:0198)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0198 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
EUVD-2018-19446
Malware in sbrugna...
EUVD-2020-10576
Malware in sbrugna...
EUVD-2018-4603
Malware in sbrugna...
EUVD-2017-9367
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-18652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in WEBPSupport.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp...
WordPress plugin CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts cross-site request forgery vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin CITS Support svg, webp Media a...
DEBIAN-CVE-2024-53863
Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...
WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG
Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC: Upload an SVG with the following markup: Load the SVG and see the XSS. Code reference:...
WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG
Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following markup: alert"XSS"; Load the SVG and see the XSS. Code reference:...
SUSE CVE-2020-18652
Buffer Overflow vulnerability in WEBPSupport.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file...
DEBIAN-CVE-2020-18652
Buffer Overflow vulnerability in WEBPSupport.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file...
UBUNTU-CVE-2020-18652
Buffer Overflow vulnerability in WEBPSupport.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file...
exempi buffer error vulnerability
exempi is an open source XMP library from libopenraw. A security vulnerability exists in exempi version 2.5.0 and earlier versions, which stems from a buffer overflow vulnerability in WEBPSupport.cpp...
SUSE CVE-2018-7731
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBPSupport.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class...
UBUNTU-CVE-2018-12648
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBPSupport.hpp in Exempi 2.4.5 has a NULL pointer dereference...
DEBIAN-CVE-2017-18235
An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBPSupport.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file...
CVE-2018-7731
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBPSupport.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class...
Exempi Null Pointer Reference Vulnerability
Exempi is an open source implementation of XMP based on the Adobe XMP SDK. A security vulnerability exists in Exempi 2.4.4 and earlier versions, which stems from a failure to detect the presence of null values in the bitstream in the XMPFiles/source/FormatSupport/WEBPSupport.cpp file. An attacker...