Astra Linux - уязвимость в imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, using the magick stream command in ImageMagick, specifying multiple consecutive %d format specifiers in a filename template caused a memory leak. Versions...

GNU C Library 安全漏洞

The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions of the GNU C Library from 2.7 to 2.43 contained security vulnerabilities. These vulnerabilities stemmed from the use of %mc and format specifiers with a width...

CVE-2026-40087

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

EUVD-2026-21063

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

CVE-2026-40087

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

CVE-2026-40087

LangChain CVE-2026-40087 affects the f-string prompt-template validation prior to versions 0.3.84 and 1.2.28. The vulnerability arises because DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and evaluate them during formatting,...

PT-2026-31716

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

CVE-2025-68816

The CVE-2025-68816 entry concerns the Linux kernel mlx5 fw_tracer, where the firmware tracer could receive malformed format strings. The vulnerability stems from unvalidated format specifiers in trace strings, risking crashes or undefined behavior when bad firmware supplies invalid specifiers. Th...

CVE-2025-52666

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

EUVD-2008-1113

Malware in sbrugna...

EUVD-2020-20034

Malware in sbrugna...

CLSA-2025-1759145882 Fix CVE(s): CVE-2025-53019

SECURITY UPDATE: memory leak via multiple consecutive %d format specifiers in filename template - debian/patches/CVE-2025-53019.patch: Fix memory leak when entering StreamImage multiple times - CVE-2025-53019...

CLSA-2025-1759145639 Fix CVE(s): CVE-2025-53019

SECURITY UPDATE: memory leak when specifying multiple %d format specifiers in filename template - debian/patches/CVE-2025-53019.patch: Fix memory leak when entering StreamImage multiple times - CVE-2025-53019...

CLSA-2025-1758289815 Fix CVE(s): CVE-2025-53101

SECURITY UPDATE: stack overflow via multiple consecutive %d format specifiers in filename template - debian/patches/CVE-2025-53101.patch: Fix InterpretImageFilename function by adjusting the offset to prevent potential buffer overflow - CVE-2025-53101...

CLSA-2025-1758289801 Fix CVE(s): CVE-2025-53101

SECURITY UPDATE: stack overflow via multiple consecutive %d format specifiers in filename template - debian/patches/CVE-2025-53101.patch: Fix image filename interpretation issue by adjusting the offset value - CVE-2025-53101...

Memory Leakage

ImageMagick is vulnerable to Memory Leakage. The vulnerability is due to improper handling of format specifiers because multiple consecutive %d in a filename template within the magick stream command trigger memory leakage...

Stack-based Buffer Overflow

ImageMagick is vulnerable to stack-based buffer overflow. The vulnerability is due to improper pointer arithmetic when multiple consecutive %d format specifiers are used in the magick mogrify command filename template, which allows an attacker to trigger a stack overflow through vsnprintf...

CVE-2025-55298

A flaw was found in ImageMagick. Processing a file with a specially crafted name, specifically one with format specifiers such as %d, %o, or %x, can trigger a format string bug due to improper input sanitization, resulting in a heap-based buffer over-read or arbitrary code execution. Mitigation T...

SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2025:02751-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02751-1 advisory. - CVE-2025-53014: Fixed an off-by-one error may cause an out-of-bounds memory access bsc1246530 - CVE-2025-53019: Fixed format specifiers in a...

DEBIAN-CVE-2025-53101

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick mogrify command, specifying multiple consecutive %d format specifiers in a filename template causes internal pointer arithmetic to...