43 matches found
[SECURITY] Fedora 44 Update: mingw-SDL2_image-2.8.12-1.fc44
Simple DirectMedia Layer SDL2 is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats BMP, PPM, PCX, GIF, JPEG, PNG as SDL2 surfaces...
GO-2026-5031 Panic when reading out of bound palette index in golang.org/x/image/bmp
Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...
[SECURITY] Fedora 43 Update: SDL2_image-2.8.12-1.fc43
Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats BMP, PPM, PCX, GIF, JPEG, PNG as SDL surfaces...
[SECURITY] Fedora 44 Update: SDL2_image-2.8.12-1.fc44
Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats BMP, PPM, PCX, GIF, JPEG, PNG as SDL surfaces...
[SECURITY] Fedora 43 Update: SDL3_image-3.4.4-1.fc43
Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This is a simple library to load images of various formats as SDL surfaces. It can load BMP, GIF, JPEG, LBM, PCX, PNG, PNM PPM/PGM/PBM, QOI, TGA, XCF,...
CVE-2026-42146
CVE-2026-42146 affects the CImg Library (C++) where the nb_colors field read from BMP headers is used to compute an allocation size without validating against the remaining file size, enabling an out-of-memory condition when loading crafted untrusted BMPs. A patch (commit c3aacf5) fixes the issue...
CVE-2025-15278
CVE-2025-15278 concerns FontForge GUtils XBM file parsing. The flaw is an integer overflow during parsing of pixels in XBM files, caused by inadequate validation of user-supplied data, which leads to an out-of-bounds buffer allocation and allows remote code execution in the affected process. The ...
EUVD-2025-25837
Malicious code in bioql PyPI...
The vulnerability of the bytes_per_line() function in the coders/bmp.c component of the console-based ImageMagick graphic editor allows a hacker to cause a service failure.
The vulnerability of the bytesperline function in the coders/bmp.c component of the ImageMagick console graphics editor is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2025-57803
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytesperline stride to a tiny value while the...
DEBIAN-CVE-2025-52930
A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...
Tungsten Automation Power PDF 缓冲区错误漏洞
Tungsten Automation Power PDF Kofax Power PDF is a powerful PDF processing software from Tungsten Automation. Tungsten Automation Power PDF suffers from a buffer error vulnerability that stems from the parsing of BMP files containing an out-of-bounds write issue. An attacker exploiting this...
USN-7112-1 libgd2 vulnerability
It was discovered that the GD Graphics Library did not perform proper bounds checking while handling BMP and WebP files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service application crash...
UBUNTU-CVE-2023-5341
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick...
SUSE CVE-2009-1570
Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow...
SUSE CVE-2009-2286
Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service crash via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that used a certain patch...
SUSE CVE-2018-5685
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function coders/bmp.c. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value...
SUSE CVE-2020-14410
SDL Simple DirectMedia Layer through 2.0.12 has a heap-based buffer over-read in Blit3or4to3or4inversedrgb in video/SDLblitN.c via a crafted .BMP file...
DEBIAN-CVE-2022-43594
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these...
UBUNTU-CVE-2022-43594
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these...