CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/04/15 11:26 p.m.•3 views

SUSE CVE-2026-33901

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in...

7.5CVSS6AI score0.0051EPSS

Exploits0References6

Vulnrichment•added 2026/04/15 10:53 p.m.•9 views

CVE-2026-40192 Pillow is vulnerable to a FITS GZIP decompression bomb

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

8.7CVSS5.8AI score0.00485EPSS

Exploits0References4

CVE•added 2026/04/15 10:53 p.m.•32 views

CVE-2026-40192

Pillow (Python imaging library) versions 10.3.0–12.1.1 are affected by a FITS-related decompression bomb: unbounded memory consumption from GZIP data during decoding, potentially leading to DoS. A fix is available in Pillow 12.2.0; if upgrading isn’t possible, users should avoid opening FITS imag...

8.7CVSS5.8AI score0.00485EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/04/15 10:53 p.m.•18 views

CVE-2026-40192 Pillow is vulnerable to a FITS GZIP decompression bomb

8.7CVSS0.00485EPSS

Exploits0References4

EUVD•added 2026/04/15 9:30 p.m.•4 views

EUVD-2026-23096

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsImage function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution...

7.3CVSS6.2AI score0.00252EPSS

EUVD•added 2026/04/15 9:30 p.m.•1 views

EUVD-2026-23020

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel...

5.5CVSS6.2AI score0.00375EPSS

NVD•added 2026/04/15 8:16 p.m.•1 views

CVE-2026-40916

A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service DoS. By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a...

5.5CVSS0.0021EPSS

UbuntuCve•added 2026/04/15 8:16 p.m.•1 views

CVE-2026-6384

7.8CVSS6AI score0.00252EPSS

UbuntuCve•added 2026/04/15 8:16 p.m.•0 views

CVE-2026-40915

7.8CVSS6.2AI score0.00375EPSS

RedhatCVE•added 2026/04/15 7:9 p.m.•2 views

CVE-2026-6384

7.8CVSS6.1AI score0.00252EPSS

CVE•added 2026/04/15 7:9 p.m.•17 views

CVE-2026-6384

GIMP contains a buffer overflow in the GIF image loading component’s ReadJeffsImage function. Processing a specially crafted GIF can cause writes beyond the allocated buffer, leading to denial of service and potentially arbitrary code execution. Affected software: GIMP (GIF image processing). Und...

7.8CVSS6.2AI score0.00252EPSS

Vulnrichment•added 2026/04/15 7:4 p.m.•1 views

CVE-2026-6361

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

6.5AI score0.0031EPSS

ATTACKERKB•added 2026/04/15 7:4 p.m.•2 views

CVE-2026-6361

7.2CVSS6.5AI score0.0031EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/15 6:59 p.m.•2 views

CVE-2026-40918 Gimp: gimp: denial of service via crafted pvr image file

A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service DoS. This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted P...

5.5CVSS6.1AI score0.00196EPSS

CVE•added 2026/04/15 6:59 p.m.•17 views

CVE-2026-40918

CVE-2026-40918 (GIMP) : A flaw in the GIMP PVR image loader can cause a denial of service when processing specially crafted, large-dimension PVR files. Root cause: a stack-based buffer overflow and an out-of-bounds read during loading, leading to application crash. Affected: systems that process ...

5.5CVSS6.1AI score0.00196EPSS

CVE•added 2026/04/15 6:59 p.m.•12 views

CVE-2026-40917

CVE-2026-40917 is reported in GIMP as a heap over-read in the ICNS image loader via icns_slurp() when processing crafted ICNS files. Affected software is GIMP; the vulnerability may cause application crashes or information disclosure. The connected documents corroborate the issue across multiple ...

7.1CVSS5.9AI score0.00167EPSS

RedhatCVE•added 2026/04/15 6:59 p.m.•4 views

CVE-2026-40918

5.5CVSS6.2AI score0.00196EPSS

CVE•added 2026/04/15 6:58 p.m.•11 views

CVE-2026-40916

Summary (CVE-2026-40916): GIMP is affected by a stack buffer overflow in the TIM image loader’s 4BPP decoding path, enabling a local user to trigger a Denial of Service by opening a crafted TIM image file. The crash is caused by an unconditional overflow when writing to a variable-length array. R...

5.5CVSS6AI score0.0021EPSS

RedhatCVE•added 2026/04/15 6:58 p.m.•2 views

CVE-2026-40915

7.8CVSS6.2AI score0.00375EPSS