Lucene search
K

2471 matches found

EUVD
EUVD
added yesterday8 views

EUVD-2026-42580

A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwgbmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the...

5.3CVSS5.9AI score
Exploits0References10
CVE
CVE
added yesterday12 views

CVE-2026-15182

GNU LibreDWG prior to 0.14 is affected by a heap-based overflow in the BMP Image Handler (dwg_bmp in src/dwg.c). Local exploitation is possible; the vulnerability can be triggered through the BMP image handling pathway, with an exploit disclosed publicly. Upgrading to version 0.14 resolves the is...

5.3CVSS5.9AI score
Exploits0References10
OSV
OSV
added 2026/06/28 12:3 a.m.3 views

RLSA-2023:2589 Moderate: autotrace security update

AutoTrace is a program for converting bitmaps to vector graphics. Security Fixes: autotrace: heap-buffer overflow via the ReadImage at input-bmp.c CVE-2022-32323 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer t...

7.3CVSS5.8AI score0.00759EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.2 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, the gdisurfacebits function processed SURFACEBITSCOMMAND messages sent by the RDP server. When these commands were processed using NSCodec, the bmp.width and bmp.height values provided by the server were not...

9.8CVSS6.1AI score0.00656EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-42500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image. CVE-2026-42500 Note that Nessus...

5.3CVSS5.9AI score0.00384EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/29 9:15 p.m.7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the Decoding process of BMP files containing a palette with out-of-range indices. An attacker can cause a panic and potentially disrupt application availability by supplying a crafted BMP file with invalid palette...

7.1CVSS5.8AI score0.00384EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 9:15 p.m.15 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the Decoding process of BMP files containing a palette with out-of-range indices. An attacker can cause a panic and potentially disrupt application availability by supplying a crafted BMP file with invalid palette...

7.1CVSS5.8AI score0.00384EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 8:16 p.m.6 views

DEBIAN-CVE-2026-42500

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 6:36 p.m.35 views

CVE-2026-42500 Panic when reading out of bound palette index in golang.org/x/image/bmp

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...

0.00384EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/29 6:36 p.m.15 views

CVE-2026-42500

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...

5.3CVSS5.8AI score0.00384EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go. This vulnerability arises when accessing pixels in an invalid image using palette index values that...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/26 1:54 a.m.27 views

SUSE CVE-2026-7737

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

7.5CVSS5.6AI score0.00631EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the code file coders/bmp.c. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned int. This likely leads to a disruption in the...

4.3CVSS6.5AI score0.01124EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in imagemagick

A heap use-after-free flaw was discovered in the coder/bmp.c file of ImageMagick...

6.2CVSS6.6AI score0.00437EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017608)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017608 advisory. A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form...

4.3CVSS6AI score0.01124EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1070e Security Update: SDL2 (UTSA-2026-017801)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017801 advisory. SDL Simple DirectMedia Layer through 2.0.12 has a heap-based buffer over-read in Blit3or4to3or4inversedrgb in video/SDLblitN.c via a crafted .BMP file. Tenable has...

5.8CVSS6.9AI score0.01666EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/08 11:18 a.m.8 views

CVE-2026-42146

A flaw was found in CImg Library. A remote attacker can exploit this vulnerability by providing a specially crafted BMP Bitmap image file. This occurs because the nbcolors field in the BMP file header is used directly to compute an allocation size without proper validation against the remaining...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-42146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nbcolors field read from the BMP file header is used directly to compute an...

5.5CVSS5.9AI score0.00119EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/04 7:29 p.m.9 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the nbcolors field of the BMP file header during the loadbmp process. An attacker can cause an out-of-memory condition and crash the application by supplying a crafted BMP file with a large...

6.8CVSS5.8AI score0.00119EPSS
Exploits0References2
NVD
NVD
added 2026/05/04 6:16 p.m.8 views

CVE-2026-42146

CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nbcolors field read from the BMP file header is used directly to compute an allocation size without validating it against the remaining file size. A crafted BMP file with a large nbcolors value triggers an...

5.5CVSS0.00119EPSS
Exploits0References4
Rows per page
Query Builder