5947 matches found
gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder
An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...
gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder
An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...
CVE-2026-21368
Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks...
CVE-2026-21368 Out-of-bounds Write in Camera Driver
Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks...
CVE-2026-21368
CVE-2026-21368 describes an out-of-bounds write in a camera driver when parsing JPEG commands, caused by unaccounted extra writes to the buffer during validation. The CVSS vector indicates local access, high complexity, and low privileges required, with a Overall impact of low confidentiality, in...
CVE-2026-13708
Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in ireadjpegwiol. ireadjpegwiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptcitext = mymalloc... and overwrites the previous...
EUVD-2026-41873
Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in ireadjpegwiol. ireadjpegwiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptcitext = mymalloc... and overwrites the previous...
CVE-2026-13708 Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i_readjpeg_wiol
Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in ireadjpegwiol. ireadjpegwiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptcitext = mymalloc... and overwrites the previous...
CVE-2026-13708
Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in ireadjpegwiol. ireadjpegwiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptcitext = mymalloc... and overwrites the previous...
PT-2026-55932
Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i readjpeg wiol. i readjpeg wiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptc itext = mymalloc... and overwrites the previous...
SUSE-SU-2026:2744-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issue - CVE-2026-52719: gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder bsc1268401...
SUSE-SU-2026:2743-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issue - CVE-2026-52719: gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder bsc1268401...
GHSA-2V8P-FQPX-2Q3W jxl-oxide: integer subtraction overflow panic in cluster_from_table via crafted JXL input (DoS)
Summary Logic bug in decodesimpletableslow may cause integer arithmetic overflow when decoding Modular image with certain kind of MA tree, which may panic with overflow-checks enabled. Impact Denial of service: any application passing untrusted JXL data to JxlImage::renderframe or equivalent can ...
CVE-2024-14037
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...
OPENSUSE-SU-2026:21204-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issue - CVE-2026-52719: gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder bsc1268401...
CVE-2026-55597
A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. An incorrect handling of arguments in the JP2 encoder can lead to a heap buffer overwrite. This vulnerability could allow an attacker to cause a denial of service DoS by providing a...
CVE-2026-55597
CVE-2026-55597 affects ImageMagick prior to 7.1.2-26, where incorrect handling of arguments can cause a heap buffer overwrite in the JP2 encoder. The issue is fixed in 7.1.2-26. This can lead to memory corruption in the JP2 encoding path; upgrading to the fixed release is the advised remediation.
EulerOS 2.0 SP15 : gdk-pixbuf2 (EulerOS-SA-2026-2441)
According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper...
EulerOS 2.0 SP15 : gdk-pixbuf2 (EulerOS-SA-2026-2482)
According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper...
EUVD-2026-39772
A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 JP2 file...