Trylab

#11930of 53,608
23Total CVSS
Vulnerabilities · 3
Medium
2
Critical
1
PT-2017-7903
6.5
2017-08-19
Openjpeg · Openjpeg · CVE-2016-10505
**Name of the Vulnerable Software and Affected Versions** OpenJPEG versions prior to 2.2.0 **Description** The issue is related to NULL pointer dereference vulnerabilities in several functions, including `imagetopnm` in convert.c, `sycc444 to rgb`, `color esycc to rgb`, and `sycc422 to rgb` in color.c. These vulnerabilities can be exploited by remote attackers using crafted j2k files, leading to a denial of service (application crash). **Recommendations** For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable functions until a patch is available. Avoid processing crafted j2k files with the affected OpenJPEG versions to minimize the risk of exploitation.
PT-2017-7904
6.5
2017-08-19
Openjpeg · Openjpeg · CVE-2016-10506
**Name of the Vulnerable Software and Affected Versions** OpenJPEG versions prior to 2.2.0 **Description** The issue is related to division-by-zero vulnerabilities in certain functions, specifically `opj pi next cprl`, `opj pi next pcrl`, and `opj pi next rpcl`, which are located in the pi.c file. These vulnerabilities can be exploited by remote attackers using crafted j2k files, leading to a denial of service in the form of an application crash. **Recommendations** For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue.
PT-2016-3376
10
2016-09-28
Gd · Gd Graphics Library · CVE-2016-7568
**Name of the Vulnerable Software and Affected Versions** GD Graphics Library versions through 2.2.3 PHP versions through 7.0.11 **Description** The issue is caused by an integer overflow in the `gdImageWebpCtx` function, which can lead to a denial of service or possibly other impacts. This can be triggered by crafted `imagewebp` and `imagedestroy` calls, allowing remote attackers to exploit the weakness. **Recommendations** For GD Graphics Library versions through 2.2.3, update to a version later than 2.2.3 to resolve the issue. For PHP versions through 7.0.11, update to a version later than 7.0.11 to resolve the issue. As a temporary workaround, consider restricting the use of the `imagewebp` and `imagedestroy` functions until a patch is available.