EnCase Forensic Imager versions 7.10 and below suffer from denial of service and heap-based buffer overflow vulnerabilities.
7843ed94a73178cbbad1a3abd757df71b39cbeea28ef32b9271d33b5a8956fe1
The code in cc::PaintImageReader::Read (cc::PaintImage*) does not properly check the incoming data when handling embedded image data, resulting in an out-of-bounds copy into the filter bitmap data.
3442a632be9dec3260619421059a97062f1e5b5331769ad612a11a97ecf3ec9b
The QImageReader class can read out-of-bounds when converting a specially-crafted TIFF file into a QImage, where the TIFF tile length is inconsistent with the tile size. This could potentially allow an attacker to determine values in memory based of the QImage pixels, if QT is used to process untrusted images.
766b77fab4c5903f5bd4ca7cb9d967ba5f26ec50db568fd2f7147cf8314ad4bc
This whitepaper is a guide to using FTK Imager for digital forensics.
3c78ef29175142feb10177e89ff96cbd355c362ecc8bb3edd23f41ce3f657e0f
Ubuntu Security Notice 3396-1 - It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. Various other issues were also addressed.
61bdcf4a0adf7e27a0250a05d795a49892ebdce3abf08ae85fec4f7f16b253c8
Ubuntu Security Notice 3366-2 - USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update fixes the problem. It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. Various other issues were also addressed.
e9581a312ef7c1eb2dedb9df0dc68f52b06260cac0f6b85c8b55f77958b4e34e
Ubuntu Security Notice 3366-1 - It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. Various other issues were also addressed.
b14c83af19137eb71b4ecf4d60969230fa06f1294af8524a5b5982b5a637a156
Guidance Software EnCase Forensic Imager versions 7.10 and below suffer from a stack-based buffer overflow vulnerability.
dde2e54320f7ae0c6125565d33c61a502a0e8d4158b92889665a3941c021109b
Ubuntu Security Notice 2952-2 - USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
34256a7fbb2ead22a5a09a7ec0edeb11a8a3dd11aea8a9162bc767ed7eb68101
GDCM versions 2.6.0 and 2.6.1 suffer from an out-of-bounds read due to missing checks. The vulnerability occurs during the decoding of JPEG-LS images when the dimensions of the embedded JPEG-LS image (as specified in the JPEG headers) are smaller than the ones of the selected region (set by gdcm::ImageRegionReader::SetRegion and usually based on DICOM header values).
9fe160664c3de2590fc55b8d5d31baa051f09a4bfdb6a7eea28c5c6a6e20f826
Secunia Security Advisory - A vulnerability has been discovered in FreeVimager, which can be exploited by malicious people to compromise a user's system.
13b1e0932781d8927c437f0972fc5ac4c672aa4dc5c739bda475ca6bed413476
FreeVimager version 4.1.0 suffers from a WriteAV arbitrary code execution vulnerability.
35e5e13d2e82922d649ad92142ac0d02c9c0e530b0e24f4a78b0a544ce6ef7ab
Ubuntu Security Notice 1154-1 - It was discovered that a heap overflow in the AWT FileDialog.show() method could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. It was discovered that integer overflows in the JPEGImageReader readImage() function and the SunLayoutEngine nativeLayout() function could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. Various other issues were also addressed.
b8678edae4561e9f93f6e10ebcdb337635cb2b334bf27aa584409a4de58814ef
Zero Day Initiative Advisory 10-058 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Apple ImageIO framework during the parsing of malformed JPEG2000 files. The function CGImageReadGetBytesAtOffset can utilize miscalculated values during a memmove operation that will result in an exploitable heap corruption allowing attackers to execute arbitrary code under the context of the current user.
6fadd8230149c63039b890333f1631fb1dbee04c5cc9599843de14ad2c75b210
Zero Day Initiative Advisory 10-057 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime. User interaction is required in that a user must be coerced into executing a malicious java application via visiting a website. The specific flaw exists within the JPEGImageDecoderImpl interface used by the image processing library to decode JPEG Imagery. By abusing an object meant to specify parameters used by the underlying jpeg decoder a malicious attacker can influence the decoding routine resulting in a heap overflow. This can be exploited to execute arbitrary code in the context of the application.
63d73f7e6f6485d9f0624ba47da8dd8e47720b89df4df018af43f597e653edf9
SEC Consult Security Advisory 20090305-0 - NextApp Echo2 versions below 2.1.1 suffer from a XML injection vulnerability.
e364a88c2cc90f61eeb02c0e5b44a6ff6992024991a758fa3a4903a2fe77a6b5
The PHP GD library suffers from an imageRotate() function information leak vulnerability.
63a4f23ebaa22d5f4bb47dced105c74b50d8a00ff26e6126ba04d1a32f614fea
SEC-CONSULT Security Advisory 20081219-0 - Fujitsu-Siemens WebTransactions is vulnerable to remote command injection due to insufficient input validation. Under certain conditions, WBPublish.exe passes unvalidated user input to the system() function when cleaning up temporary session data. This vulnerability allows an attacker to execute arbitrary commands on the affected system. The vulnerability does not require prior authentication and can be exploited from a web browser.
4fcccde253345cf5e3f0f4106c7f74d8b15fb08e20a6c514630001cb3f299309
SEC Consult Security Advisory 20081210-0 - By calling the extended stored procedure sp_replwritetovarbin, an attacker can write limited values to arbitrary locations in process memory. This vulnerability has been described in a prior security advisory for MS SQL Server 2000.
35360a7acfa1a99b8a092110b58250c85ed5ca8c4ccd0d0b760cbb8a46b38a39
SEC Consult Security Advisory 20081209-0 - Microsoft SQL Server suffers from a limited memory overwrite vulnerability.By calling the extended stored procedure sp_replwritetovarbin, and supplying several uninitialized variables as parameters, it is possible to trigger a memory write to a controlled location. Depending on the underlying Windows version, it is / may be possible to use this vulnerability to execute arbitrary code in the context of the vulnerable SQL server process. In a default configuration, the sp_replwritetovarbin stored procedure is accessible by anyone. The vulnerability can be exploited by an authenticated user with a direct database connection, or via SQL injection in a vulnerable web application. Versions 8.00.2039 and below are affected.
a3cd08ebd8f3b29b9b481794aeae14f29fef4640ab1d53fdd05d480b010bfc47
Secunia Security Advisory - A security issue has been reported in SystemImager, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
b86a2ff45f2aee8400b99722dcda1cae022399f4bc56b827c5b235f3c249d084
SEC Consult Security Advisory 20081016-0 - Instant Expert Analysis uses a signed Java applet for Firefox or Netscape browsers and a signed ActiveX plugin for Internet Explorer. Both applets allow an attacker to download and execute arbitrary applications when the user visits an infected website.
4389e14bdabddae18e2fd1658419cc963957c03ba043729d6ea732a805c3413c
Secunia Security Advisory - Fedora has issued an update for perl-Imager. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.
dce98fd40dd2d70973f04f659ce1731edf681b2c5da85792c1139442785a06c5
Secunia Security Advisory - A vulnerability has been reported in Imager, which potentially can be exploited by malicious people to compromise an application using the library.
c8cc16448d9c91bea229231021e61d37ff91a80663f4336b90e92d733bd0a86f
Secunia Security Advisory - Debian has issued an update for libimager-perl. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.
4a2ca992d954d44de97a3bf6c4ed2449eb3cb54c0068d66167ff03c78427d545
Debian Security Advisory 1498-1 - It was discovered that libimager-perl, a Perl extension for Generating 24 bit images, did not correctly handle 8-bit per-pixel compressed images, which could allow the execution of arbitrary code.
77b57051bb67ab976211b73e0b03e6193ed987b375844d6dfa18cfb0e35d5863