8812 matches found
Use of Externally-Controlled Format String
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
CVE-2025-55298 ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper...
Use of Externally-Controlled Format String
Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Format String via the InterpretImageFilename function, where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can execute arbitrary code or cause a heap-based buff...
CVE-2025-55298 ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper...
CVE-2025-55298
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper...
ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution
Summary A format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code...
GHSA-9CCG-6PJW-X645 ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution
Summary A format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code...
PT-2025-34798
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-28 ImageMagick versions prior to 7.1.2-2 Description: ImageMagick is software used for editing and manipulating digital images. A format string bug exists in the InterpretImageFilename function where user...
Mahara 安全漏洞
Mahara is a free and open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions prior to 22.10.6, 23.04.6, and 24.04.1, which stems from an uploaded filename that contains malicious JavaScript code that could lead to a cross-site scripting...
ImageMagick has a Memory Leak in magick stream
Summary In ImageMagick's magick stream command, specifying multiple consecutive %d format specifiers in a filename template causes a memory leak. Details - Vulnerability Type: Memory leak - Affected Version: ImageMagick 7.1.1-47 as of commit 82572afc, June 2025 Reproduction Tested Environment -...
GHSA-CFH4-9F7V-FHRC ImageMagick has a Memory Leak in magick stream
Summary In ImageMagick's magick stream command, specifying multiple consecutive %d format specifiers in a filename template causes a memory leak. Details - Vulnerability Type: Memory leak - Affected Version: ImageMagick 7.1.1-47 as of commit 82572afc, June 2025 Reproduction Tested Environment -...
ImageMagick has a Heap Buffer Overflow in InterpretImageFilename
Heap Buffer Overflow in InterpretImageFilename Summary A heap buffer overflow was identified in the InterpretImageFilename function of ImageMagick. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs...
GHSA-HM4X-R5HC-794F ImageMagick has a Heap Buffer Overflow in InterpretImageFilename
Heap Buffer Overflow in InterpretImageFilename Summary A heap buffer overflow was identified in the InterpretImageFilename function of ImageMagick. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs...
ImageMagick has a Stack Buffer Overflow in image.c
Hi, we have found a stack buffer overflow and would like to report this issue. Could you confirm if this qualifies as a security vulnerability? I am happy to provide any additional information needed. Summary In ImageMagick's magick mogrify command, specifying multiple consecutive %d format...
GHSA-QH3H-J545-H8C9 ImageMagick has a Stack Buffer Overflow in image.c
Hi, we have found a stack buffer overflow and would like to report this issue. Could you confirm if this qualifies as a security vulnerability? I am happy to provide any additional information needed. Summary In ImageMagick's magick mogrify command, specifying multiple consecutive %d format...
PT-2025-34597 · Joomla +1 · Joomla! +1
Name of the Vulnerable Software and Affected Versions: Quantum Manager versions 1.0.0 through 3.2.0 Description: A stored cross-site scripting XSS issue was identified in the Quantum Manager component for Joomla. The SVG upload feature does not properly sanitize uploaded files, allowing for the...
ruoyi-go 路径遍历漏洞
ruoyi-go is a backend management system for individual developers at lostvip.com. A path traversal vulnerability exists in ruoyi-go 2.1 and earlier versions, which stems from the improper handling of the fileName parameter in the DownloadTmp/DownloadUpload function in the file...
PT-2025-34680 · Lostvip Com · Ruoyi-Go
Name of the Vulnerable Software and Affected Versions: lostvip-com ruoyi-go versions prior to 2.1 Description: A security flaw exists in the DownloadTmp/DownloadUpload function within the modules/system/controller/CommonController.go file. Manipulation of the fileName argument can lead to a path...
Linux Distros Unpatched Vulnerability : CVE-2017-18226
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2017-9061
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.5, a cross-site scripting XSS vulnerability exists when attempting to upload very large files, because the error message does not proper...