CVE-2017-16663

In sam2p 0.49.4, there are integer overflows with resultant heap-based buffer overflows in input-bmp.ci in the function ReadImage, because "width height" multiplications occur unsafely...

CVE-2017-16663

In sam2p 0.49.4, there are integer overflows with resultant heap-based buffer overflows in input-bmp.ci in the function ReadImage, because "width height" multiplications occur unsafely...

CVE-2017-16663

In sam2p 0.49.4, there are integer overflows with resultant heap-based buffer overflows in input-bmp.ci in the function ReadImage, because "width height" multiplications occur unsafely...

CVE-2017-15238

ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage...

Design/Logic Flaw

ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage...

CVE-2017-15238

ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage...

DEBIAN-CVE-2017-13140

In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service application hang in LockSemaphoreInfo via a PNG file with a width equal to MAGICKWIDTHLIMIT...

USN-3380-1 freerdp vulnerabilities

It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. CVE-2014-0250 It was discovered...

CVE-2017-12131

The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens...

Tor: Scrollbar Width permits detecting browser platform

In April 2017 shortly before this bug bounty program went live, I repeatedly attempted to report this information disclosure vulnerability. However, my emails to the Tor Project's official vulnerability disclosure address went unanswered. It was not until I posted a public blog entry -- with a...

DEBIAN-CVE-2017-10799

When GraphicsMagick 1.3.25 processes a DPX image with metadata indicating a large width in coders/dpx.c, a denial of service OOM can occur in ReadDPXImage...

UBUNTU-CVE-2017-10799

When GraphicsMagick 1.3.25 processes a DPX image with metadata indicating a large width in coders/dpx.c, a denial of service OOM can occur in ReadDPXImage...

CVE-2017-9995

libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted file...

libquicktime Denial of Service Vulnerability (CNVD-2017-11753)

libquicktime is a library for reading and writing files in quicktime, avi and mp4 formats. A security vulnerability exists in the 'quicktimevideowidth' function of the lqtquicktime.c file in libquicktime version 1.2.4. A remote attacker can exploit this vulnerability to cause a denial of service...

Silicon Graphics LibTIFF Heap Buffer Overflow Vulnerability (CNVD-2017-07752)

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A heap buffer overflow vulnerability exists in bmp2tiff in Silicon Graphics LibTIFF version...

DEBIAN-CVE-2017-9117

In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the...

UBUNTU-CVE-2017-9117

In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the...

Adobe Flash - Out-of-Bounds Read in Getting TextField Width Exploit

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1211 The attached swf causes an out-of-bounds read in getting the width of a TextField. Proof of Concept:...

Adobe Flash - Out-of-Bounds Read in Getting TextField Width

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1211 The attached swf causes an out-of-bounds read in getting the width of a TextField. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42019.zip...

Adobe Flash - Out-of-Bounds Read in Getting TextField Width

Adobe Flash - Out-of-Bounds Read in Getting TextField Width Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1211 The attached swf causes an out-of-bounds read in getting the width of a TextField. Proof of Concept:...