Lucene search
+L

722 matches found

Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60885

Name of the Vulnerable Software and Affected Versions JLine versions prior to 3.30.14 JLine versions prior to 4.0.16 JLine versions prior to 4.2.1 Description The JLine3 Telnet server remote-telnet module fails to apply an upper bound to terminal dimensions received via the Telnet NAWS option. Th...

7.5CVSS5.4AI score
Exploits0References11
RedHat Linux
RedHat Linux
added 2 days ago6 views

kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM component. This vulnerability arises from an inconsistent calculation of plane dimensions, which can lead to incorrect memory allocation checks. A local attacker could exploit this by creating a...

7.8CVSS6.7AI score0.00139EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago5 views

kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM component. This vulnerability arises from an inconsistent calculation of plane dimensions, which can lead to incorrect memory allocation checks. A local attacker could exploit this by creating a...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago6 views

python-pillow: Pillow: Denial of Service via crafted BDF font file

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted BDF font file. The library's image processing function fails to properly validate dimensions from the font file, bypassing a critical...

7.5CVSS6.1AI score0.00364EPSS
Exploits1References7
NVD
NVD
added 2026/07/10 5:16 p.m.8 views

CVE-2026-53653

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS0.00301EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 4:12 p.m.6 views

CVE-2026-53653

Grav (file-based web platform) contains CVE-2026-53653: unauthenticated denial of service by requesting image derivatives with oversized dimensions via URL actions like forceResize in Grav::fallbackUrl. The root cause is that request parameters are passed to ImageMedium magic actions without a di...

8.7CVSS6.1AI score0.00301EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/10 4:12 p.m.6 views

EUVD-2026-42943

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS6.1AI score0.00301EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/10 4:12 p.m.39 views

CVE-2026-53653 Grav: Unauthenticated denial of service via unbounded image derivative dimensions

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS0.00301EPSS
Exploits0References5
OSV
OSV
added 2026/07/10 4:12 p.m.4 views

CVE-2026-53653 Grav: Unauthenticated denial of service via unbounded image derivative dimensions

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS6.1AI score0.00301EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/08 5:24 p.m.42 views

CVE-2026-59938 pypdf: Possible large memory usage for wrong image dimensions

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS0.00303EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 5:24 p.m.12 views

CVE-2026-59938

CVE-2026-59938 affects the Python PDF library pypdf. Before version 6.14.0, an attacker can craft a PDF with image size values declared much larger than actual data, causing large memory usage during pypdf image parsing. Root cause: mismatch between declared image dimensions and image data in the...

6.9CVSS6AI score0.00303EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/08 5:24 p.m.5 views

CVE-2026-59938 pypdf: Possible large memory usage for wrong image dimensions

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS6.1AI score0.00303EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/08 2:15 p.m.7 views

gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS6AI score0.0031EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 11:34 a.m.7 views

BIT-PILLOW-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS5.9AI score0.00364EPSS
Exploits1References4
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-1013 Seg fault in `ndarray_tensor_bridge` due to zero and large inputs

Impact If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. E.g. the following raises an error: python np.ones0, 231, 231 An example of a proof of concept: python import numpy as np import tensorflow as tf inputval =...

4.8CVSS5.9AI score0.0033EPSS
Exploits1References6
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-1028 TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`

Impact The implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack: python import tensorflow as tf strides = 1, 1, 1, 1 padding = "SAME" usecudnnongpu = True explicitpaddings =...

5.9CVSS5.9AI score0.00398EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/07/07 10:13 a.m.6 views

CVE-2026-55380

A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit this vulnerability by providing a specially crafted GD 2.x image file. The GdImageFile.open function reads image dimensions without proper validation, leading to excessive memory allocation. This can result in a...

7.5CVSS5.9AI score0.00361EPSS
Exploits1References6
NVD
NVD
added 2026/07/06 7:17 p.m.6 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS0.00361EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/06 6:52 p.m.6 views

EUVD-2026-41902

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/06 6:52 p.m.4 views

CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6.6AI score0.00364EPSS
Exploits1
Rows per page
Query Builder