Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jpeg vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-20092
File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code.
Articlecms Project Articlecms 1.0
9.3
CVSSv2
CVE-2008-2548
Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote malicious users to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption.
Motorola Razr
6.8
CVSSv2
CVE-2020-10682
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file).
Cmsmadesimple Cms Made Simple 2.2.13
6.8
CVSSv2
CVE-2017-2811
A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise.
Kakadusoftware Kakadu Sdk 7.9
9.3
CVSSv2
CVE-2017-2925
Adobe Flash Player versions 24.0.0.186 and previous versions have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution.
Adobe Flash Player
7.5
CVSSv2
CVE-2013-5349
Integer underflow in Picasa3.exe in Google Picasa prior to 3.9.0 Build 137.69 allows remote malicious users to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a sm...
Google Picasa 3.9.0
5
CVSSv2
CVE-2006-6297
Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote malicious users to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which res...
Kde Kdegraphics 3.4.3
Kde Kdegraphics 3.2
6.8
CVSSv2
CVE-2019-5089
An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an malicious user to execute arbitrary code on the victim machine. An attacker could exploit ...
Investintech Able2extract 14.0.7
6.8
CVSSv2
CVE-2020-6066
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed f...
Accusoft Imagegear 19.5.0
7.5
CVSSv2
CVE-2018-9848
In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote malicious users to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jp...
Gxlcms Gxlcms Qy 1.0.0713
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »