Lucene search
K

7965 matches found

Github Security Blog
Github Security Blog
added 2026/05/18 8:37 p.m.17 views

ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.

An incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options...

4CVSS5.9AI score0.00116EPSS
Exploits0References3Affected Software18
Snyk
Snyk
added 2026/05/18 8:37 p.m.11 views

Out-of-bounds Write

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.2CVSS5.9AI score0.00116EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.12 views

PT-2026-41805

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An incorrect check in the JP2 results in a heap buffer over-write of a single byte when certain options are specified. A heap buffer over-write occurs when data ...

7.5CVSS6.2AI score0.00495EPSS
Exploits0References129
OSV
OSV
added 2026/05/14 8:17 p.m.5 views

DEBIAN-CVE-2026-43905

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

7.8CVSS6AI score0.00173EPSS
Exploits1References1
NVD
NVD
added 2026/04/26 10:17 p.m.6 views

CVE-2018-25296

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...

6.8CVSS0.00128EPSS
Exploits0References3
NVD
NVD
added 2026/04/26 10:17 p.m.6 views

CVE-2018-25275

Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an application crash...

6.9CVSS0.00136EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/26 1:19 p.m.9 views

CVE-2018-25297 Wansview 1.0.2 Denial of Service via Buffer Overflow

Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Camera name and DID number fields during camera addition to trigger application crashes...

6.9CVSS5.7AI score0.00118EPSS
Exploits0References2
CVE
CVE
added 2026/04/26 1:19 p.m.11 views

CVE-2018-25295

The CVE-2018-25295 entry concerns the ObserverIP Scan Tool version 1.4.0.1. The vulnerability is a denial-of-service flaw triggered by submitting an excessively long string in the IP input field, with demonstrations showing a 2000-byte buffer of repeated characters causing the application to cras...

6.9CVSS5.5AI score0.00124EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.9 views

PT-2026-35245

Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an application crash...

6.9CVSS5.7AI score0.00136EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.9 views

PT-2026-35265

ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operati...

6.9CVSS5.4AI score0.00124EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.8 views

PT-2026-35266

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...

6.8CVSS5.7AI score0.00128EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.7 views

SUSE SLES15 Security Update : ImageMagick (SUSE-SU-2026:1597-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1597-1 advisory. - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. - CVE-2026-33900: Denial of Service via...

7.5CVSS5.9AI score0.00566EPSS
Exploits0References34
Debian CVE
Debian CVE
added 2026/04/21 1:27 a.m.5 views

CVE-2026-39886

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K High-Throughput JPEG 2000 decompression path. The htundoimp...

5.3CVSS5.5AI score0.00302EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/04/21 1:27 a.m.8 views

CVE-2026-39886

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K High-Throughput JPEG 2000 decompression path. The htundoimp...

8.6CVSS5.8AI score0.00611EPSS
Exploits3References3Affected Software1
Debian
Debian
added 2026/04/17 9:18 p.m.12 views

[SECURITY] [DSA 6215-1] gimp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6215-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 17, 2026 https://www.debian.org/security/faq -...

7.8CVSS7.5AI score0.00755EPSS
Exploits0
Snyk
Snyk
added 2026/04/14 6:51 p.m.5 views

Out-of-bounds Write

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

6.8CVSS5.8AI score0.00189EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/14 6:51 p.m.8 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.8CVSS5.8AI score0.00189EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/14 6:51 p.m.9 views

Out-of-bounds Write

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS5.8AI score0.00189EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/14 6:51 p.m.8 views

Out-of-bounds Write

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.8CVSS5.8AI score0.00189EPSS
Exploits0References3
OSV
OSV
added 2026/04/13 10:16 p.m.7 views

DEBIAN-CVE-2026-40310

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 an...

5.5CVSS5.2AI score0.00189EPSS
Exploits0References1
Rows per page
Query Builder