
201 matches found

CVE
added 2025/08/25 2:17 p.m. | 30 views

CVE-2025-32468

CVE-2025-32468: A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp, an integer overflow occurs during stride calculation, leading to a heap-based buffer overflow during decoding and p...

8.8 CVSS | 8.3 AI score | 0.00636 EPSS
Exploits 1 | References 2 | Affected Software 1
Debian CVE
added 2025/08/25 2:17 p.m. | 4 views

CVE-2025-52930

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

8.8 CVSS | 6.5 AI score | 0.00691 EPSS
Exploits 1
Vulnrichment
added 2025/08/25 2:17 p.m. | 3 views

CVE-2025-52930

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

8.8 CVSS | 8.4 AI score | 0.00691 EPSS
Exploits 1 | References 1
CVE
added 2025/08/25 2:17 p.m. | 26 views

CVE-2025-52930

CVE-2025-52930 affects the BMPv3 RLE Decoding functionality in the SAIL Image Decoding Library v0.9.8. A memory corruption due to a heap-based buffer overflow during BMP data decompression can lead to remote code execution if an attacker can induce the library to read a specially crafted BMP fil...

8.8 CVSS | 8.4 AI score | 0.00691 EPSS
Exploits 1 | References 2 | Affected Software 1
Talos
added 2025/08/25 12:0 a.m. | 2 views

SAIL Image Decoding Library BMPv3 Image Decoding integer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2216 SAIL Image Decoding Library BMPv3 Image Decoding integer overflow vulnerability August 25, 2025 CVE Number CVE-2025-32468 SUMMARY A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8...

8.8 CVSS | 7.8 AI score | 0.00636 EPSS
Exploits 1
Tenable Nessus
added 2025/08/24 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-8685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP imag...

5.5 CVSS | 6 AI score | 0.01389 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/08/24 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-3619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to caus...

6.5 CVSS | 7.3 AI score | 0.02295 EPSS
Exploits 1 | References 2
ICS
added 2025/08/12 12:0 a.m. | 6 views

Siemens Simcenter Femap

SUMMARY Simcenter Femap contains a file parsing vulnerability that could be triggered when the application reads files in STP or BMP file format. If a user is tricked to open a malicious file with the affected application, this could lead the application to crash or potentially lead to arbitrary...

7.7 AI score
Exploits 0 | References 10
Tenable Nessus
added 2025/06/16 12:0 a.m. | 9 views

TencentOS Server 3: autotrace (TSSA-2023:0149)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0149 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

7.8 CVSS | 8 AI score | 0.01019 EPSS
Exploits 0 | References 4
OSV
added 2025/03/06 5:15 a.m. | 2 views

CVE-2025-20931

Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code...

7.8 CVSS | 6 AI score | 0.00161 EPSS
Exploits 0 | References 1
CNNVD
added 2025/03/06 12:0 a.m. | 2 views

SAMSUNG Notes Security Vulnerability

Samsung Notes is a simple, easy-to-use mobile notepad application that can be installed and used on all Samsung models. Samsung Notes suffers from an out-of-bounds write vulnerability that originates from BMP image parsing. No details of the vulnerability are available at this time...

7.8 CVSS | 7 AI score | 0.00161 EPSS
Exploits 0 | References 2
Amazon
added 2024/04/02 12:0 a.m. | 2 views

Medium: python-pillow

Issue Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when using arbitrary strings as text input and the number of characters passed into PIL.ImageFont.ImageFont.getmask is over a certain limit. This can lead to a system crash. Affected versions of this package...

6.9 AI score
Exploits 0
CNNVD
added 2023/12/06 12:0 a.m. | 1 views

AMI AptioV Code Issue Vulnerability

AMI AptioV is a firmware from AMI. A security vulnerability exists in AMI AptioV that stems from the possibility of unrestricted uploading of dangerous types of BMP logo files via local access, the successful exploitation of which may result in loss of confidentiality, integrity and availability...

7.8 CVSS | 7.5 AI score | 0.00224 EPSS
Exploits 0 | References 3
SUSE CVE
added 2023/10/31 2:50 a.m. | 3 views

SUSE CVE-2014-9330

Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read...

5 CVSS | 7.1 AI score | 0.04167 EPSS
Exploits 0 | References 2
RedHat Linux
added 2023/05/16 8:47 a.m. | 4 views

autotrace: heap-buffer overflow via the ReadImage() at input-bmp.c

A buffer overflow flaw was found in the autotrace package. This flaw allows an attacker to trick the user into opening a maliciously crafted BMP image, triggering arbitrary code execution or causing the application to crash...

7.3 CVSS | 6.5 AI score | 0.00753 EPSS
Exploits 0 | References 4
RedHat Linux
added 2023/05/09 10:11 a.m. | 6 views

autotrace: heap-buffer overflow via the ReadImage() at input-bmp.c

A buffer overflow flaw was found in the autotrace package. This flaw allows an attacker to trick the user into opening a maliciously crafted BMP image, triggering arbitrary code execution or causing the application to crash...

7.3 CVSS | 6.5 AI score | 0.00753 EPSS
Exploits 0 | References 4
OSV
added 2023/03/29 7:15 p.m. | 4 views

CVE-2022-43611

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...

5.5 CVSS | 4.9 AI score | 0.00828 EPSS
Exploits 0 | References 1
Amazon
added 2023/03/22 12:0 a.m. | 2 views

Medium: autotrace

Issue Overview: A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. CVE-2019-19004 A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via...

7.8 CVSS | 7.9 AI score | 0.02228 EPSS
Exploits 0
Tenable Nessus
added 2023/03/21 12:0 a.m. | 25 views

Amazon Linux 2023 : autotrace, autotrace-devel (ALAS2023-2023-004)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-004 advisory. A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. CVE-2019-19004 A bitmap doubl...

7.8 CVSS | 7 AI score | 0.01019 EPSS
Exploits 0 | References 6
SUSE CVE
added 2023/02/15 6:7 a.m. | 2 views

SUSE CVE-2008-4069

The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file...

5 CVSS | 6.3 AI score | 0.01662 EPSS
Exploits 1 | References 4