Kaka201

#13075of 53,624
20.3Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2021-23032
5.5
2021-11-03
Htmldoc · Htmldoc · CVE-2021-40985
**Name of the Vulnerable Software and Affected Versions** htmldoc versions prior to 1.9.12 **Description** A buffer under-read vulnerability in the `image load bmp` function allows attackers to cause a denial of service via a crafted BMP image. This issue affects htmldoc and can be exploited by providing a specially designed image to the vulnerable function. **Recommendations** For versions prior to 1.9.12, update to version 1.9.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of BMP images or disabling the `image load bmp` function until a patch is available.
PT-2021-7754
9.3
2021-03-04
Stb · Stb · CVE-2021-28021
**Name of the Vulnerable Software and Affected Versions** stb versions 2.26 **Description** The issue is related to a buffer overflow vulnerability in the `stbi extend receive` function of the `stb image.h` component in the stb library for C/C++. This vulnerability can be exploited by a remote attacker using a specially crafted JPEG file, allowing them to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For stb version 2.26, consider disabling the `stbi extend receive` function until a patch is available to prevent exploitation. Restrict access to the `stb image.h` component to minimize the risk of exploitation. Avoid using the `stb image.h` component with untrusted JPEG files until the issue is resolved.
PT-2021-19883
5.5
2021-01-27
Jasper · Jasper · CVE-2021-3272
**Name of the Vulnerable Software and Affected Versions** JasPer version 2.0.24 **Description** The issue arises from a heap-based buffer over-read in the `jp2 decode` function, located in `jp2/jp2 dec.c` of the `libjasper` library in JasPer. This occurs when there is an invalid relationship between the number of channels and the number of image components. **Recommendations** For JasPer version 2.0.24, consider applying a patch or update that fixes the `jp2 decode` function to prevent the heap-based buffer over-read. As a temporary workaround, restrict the use of the `jp2 decode` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.