MGASA-2022-0074 - Updated zxing-cpp packages fix security vulnerability

Publication date: 18 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0074.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-28021, CVE-2021-42715, CVE-2021-42716

Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. (CVE-2021-28021)

An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files. (CVE-2021-42715)

An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location. (CVE-2021-42716)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29937
- https://www.cve.org/CVERecord?id=CVE-2021-28021
- https://www.cve.org/CVERecord?id=CVE-2021-42715
- https://www.cve.org/CVERecord?id=CVE-2021-42716

SRPMS:
- 8/core/zxing-cpp-1.1.1-2.1.mga8

Package        : libjpeg-turbo
Version        : 1:1.3.1-12+deb8u1
CVE ID         : CVE-2016-3616 CVE-2018-1152 CVE-2018-11212 CVE-2018-11213 CVE-2018-11214
Debian Bug     : #819969 #902950 #902176

Several vulnerabilities have been resolved in libjpeg-turbo, Debian's default JPEG implementation.

CVE-2016-3616

    The cjpeg utility in libjpeg allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

    This issue got fixed by the same patch that fixed CVE-2018-11213 and CVE-2018-11214.

CVE-2018-1152

    libjpeg-turbo has been found vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

    The issue has been resolved by a boundary check.

CVE-2018-11212

    The alloc_sarray function in jmemmgr.c allowed remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

    The issue has been addressed by checking the image size when reading a targa file and throwing an error when image width or height is 0.

CVE-2018-11213
CVE-2018-11214

    The get_text_gray_row and get_text_rgb_row functions in rdppm.c both allowed remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

    By checking the range of integer values in PPM text files and adding checks to ensure values are within the specified range, both issues

For Debian 8 "Jessie", these problems have been fixed in version 1:1.3.1-12+deb8u1.

We recommend that you upgrade your libjpeg-turbo packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--
mike gabriel aka sunweaver (Debian Developer)
fon: +49(1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail:

Debian Security Advisory DSA-2462-2

The initial update introduced a regression, which could lead to errors when processing some JPEG files. For the stable distribution (squeeze), this problem has been fixed in .

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200701-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: KDE kfile JPEG info plugin: Denial of Service
      Date: January 12, 2007
      Bugs: #155949
        ID: 200701-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The KDE kfile JPEG info plugin of kdegraphics could enter an endless loop leading to a Denial of Service.

Background
==========

The KDE kfile-info JPEG plugin provides meta-information about JPEG files.

Affected packages
=================

    -------------------------------------------------------------------
     Package                              /  Vulnerable  /  Unaffected
    -------------------------------------------------------------------
  1  kde-base/kdegraphics-kfile-plugins     < 3.5.5-r1      >= 3.5.5-r1

Description
===========

Marcus Meissner of the SUSE security team discovered a stack overflow vulnerability in the code processing EXIF information in the kfile JPEG info plugin.

Impact
======

A remote attacker could entice a user to view a specially crafted JPEG image with a KDE application like Konqueror or digiKam, leading to a Denial of Service by an infinite recursion.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All KDE users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-kfile-plugins-3.5.5-r1"

References
==========

  [ 1 ] CVE-2006-6297
        https://www.cve.org/CVERecord?id=CVE-2006-6297

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200701-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to