Several vulnerabilities have been discovered in Exiv2, a C++ library and command line utility to manage image metadata, which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.
An issue has been found in gthumb, an image viewer and browser. A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c allows attackers to
During the backporting of one of the patches for CVE-2020-22021, one line was wrongly interpreted, which caused a regression in the deinterlacing process. Thanks to Jari Ruusu for reporting the issue and for testing the prepared update.
An issue has been found in ircii, an Internet Relay Chat client. A crafted CTCP UTC message could allow an attacker to disconnect the victim from an IRC server due to a segmentation fault and client crash.
An issue has been found in scrollz, an advanced ircII-based IRC client. A crafted CTCP UTC message could allow an attacker to disconnect the victim from an IRC server due to a segmentation fault and client crash.
It was discovered that systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (Spectre v2).