6103 matches found
Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2
...
The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service
...
Out-of-bounds Write
ImageSharp is vulnerable to an Out-of-Bounds Write. The vulnerability stems from improper memory handling in the GIF decoder, allowing attackers to craft a malicious GIF that causes a crash, potentially leading to a denial of service...
Out-of-bounds Write
Overview: Affected versions of this package are vulnerable to Out-of-bounds Write through the gif decoder. An attacker can cause a crash using a specially crafted gif, potentially leading to denial of service by exploiting the out-of-bounds write condition. PoC using var image =...
Out-of-bounds Write in SixLabors ImageSharp
Impact: An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. Patches: The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10...
GHSA-2CMQ-823J-5QJ8 Out-of-bounds Write in SixLabors ImageSharp
Impact: An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. Patches: The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10...
CVE-2025-27598
CVE-2025-27598 affects SixLabors.ImageSharp, specifically the GIF decoder, where an out-of-bounds write can cause a crash and potential denial of service. The issue stems from improper handling in GIF decoding. Remediation is to upgrade ImageSharp to v3.1.7 or v2.1.10 (or higher). Multiple source...
CVE-2025-27598 Out-of-bounds Write in SixLabors ImageSharp
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to...
Medium: python-pillow
Issue Overview: Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. CVE-2016-0740 Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
ImageSharp Buffer Error Vulnerability
ImageSharp is a new, full-featured, fully managed, cross-platform 2D graphics API open-sourced by Six Labors. A buffer error vulnerability exists in ImageSharp versions prior to v3.1.7 and v2.1.10, which stems from an out-of-bounds write vulnerability in the gif decoder that could result in a cra...
Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: CVE-2024-47538: Fixed stack-buffer overflow in vorbis_handle_identification_packet (bsc#1234415). CVE-2024-47835: Fixed NULL-pointer dereference in LRC subtitle parser (bsc#1234450). CVE-2024-47600: Fixed Out-of-bounds read in...
SUSE-SU-2025:20134-1 Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: - CVE-2024-47538: Fixed stack-buffer overflow in vorbis_handle_identification_packet (bsc#1234415). - CVE-2024-47835: Fixed NULL-pointer dereference in LRC subtitle parser (bsc#1234450). - CVE-2024-47600: Fixed Out-of-bounds read in...
Linux Distros Unpatched Vulnerability : CVE-2022-38784
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially...
Linux Distros Unpatched Vulnerability : CVE-2023-38633
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem...
Linux Distros Unpatched Vulnerability : CVE-2023-29408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image both in terms o...
Linux Distros Unpatched Vulnerability : CVE-2022-41723
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of...
PT-2025-9577 · Google · Android
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A denial of service issue occurs when decoding a JPEG, specifically in the dng_lossless_decoder::HuffDecode function, due to a null pointer exception htbl = nullptr related to Huffman tables...
SUSE CVE-2022-49223
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Hold port reference until decoder release. KASAN + DEBUG_KOBJECT_RELEASE reports a potential use-after-free in cxl_decoder_release where it goes to reference its parent, a cxl_port, to free its id back to port->decoder_ida. BUG...
DEBIAN-CVE-2022-49223
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Hold port reference until decoder release. KASAN + DEBUG_KOBJECT_RELEASE reports a potential use-after-free in cxl_decoder_release where it goes to reference its parent, a cxl_port, to free its id back to port->decoder_ida. BUG...