Lucene search

23043 matches found

AlpineLinux
added 2026/02/25 11:20 p.m., 5 views

CVE-2026-27799

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride ro...

CVSS 4.4, AI score 6, EPSS 0.00123
Exploits 0

Debian CVE
added 2026/02/25 11:20 p.m., 6 views

CVE-2026-27799

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride ro...

CVSS 4.4, AI score 8, EPSS 0.00123
Exploits 0

OSV
added 2026/02/25 11:20 p.m., 3 views

CVE-2026-27799 ImageMagick has a heap Buffer Over-read in its DJVU image format handler

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride ro...

CVSS 4, AI score 6, EPSS 0.00123
Exploits 0, References 5

NVD
added 2026/02/25 9:16 p.m., 5 views

CVE-2026-25997

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_clipboard_format_equal reads freed lastSentFormats memory because xf_clipboard_formats_free, called from the cliprdr channel thread during auto-reconnect, frees the array while the X11 event thread concurrently...

CVSS 9.8, EPSS 0.00567
Exploits 1, References 9

CVE
added 2026/02/25 8:38 p.m., 20 views

CVE-2026-25997

CVE-2026-25997 affects FreeRDP prior to 3.23.0. The issue is a heap use-after-free in the clipboard path: the function xf_clipboard_format_equal reads freed lastSentFormats because xf_clipboard_formats_free frees the array while the X11 event thread concurrently iterates it in xf_clipboard_change...

CVSS 9.8, AI score 5.4, EPSS 0.00567
Exploits 1, References 9, Affected Software 1

ATTACKERKB
added 2026/02/25 8:36 p.m., 4 views

CVE-2026-25959

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_cliprdr_provide_data passes freed pDstData to XChangeProperty because the cliprdr channel thread calls xf_cliprdr_server_format_data_response, which converts and uses the clipboard data without holding any lock,...

CVSS 9.8, AI score 5.5, EPSS 0.00567
Exploits 1, References 10, Affected Software 1

OSV
added 2026/02/25 7:24 p.m., 6 views

GHSA-R99P-5442-Q2X2 ImageMagick has a heap Buffer Over-read in its DJVU image format handler

A heap Buffer Over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride row size for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in out-of-bounds memory reads...

CVSS 4, AI score 5.8, EPSS 0.00123
Exploits 0, References 5

Snyk
added 2026/02/25 7:24 p.m., 4 views

Buffer Over-read

Overview: Magick.NET-Q8-AnyCPU is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 4.4, AI score 6, EPSS 0.00123
Exploits 0, References 2

Snyk
added 2026/02/25 7:24 p.m., 4 views

Buffer Over-read

Overview: Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVSS 4.4, AI score 6, EPSS 0.00123
Exploits 0, References 2

Snyk
added 2026/02/25 7:24 p.m., 4 views

Buffer Over-read

Overview: Magick.NET-Q16-AnyCPU is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 4.4, AI score 6, EPSS 0.00123
Exploits 0, References 2

EUVD
added 2026/02/25 7:24 p.m., 4 views

EUVD-2026-8772

ImageMagick has a heap Buffer Over-read in its DJVU image format handler...

CVSS 4, AI score 5.3, EPSS 0.00123
Exploits 0, References 3

Snyk
added 2026/02/25 7:24 p.m., 4 views

Buffer Over-read

Overview: Magick.NET-Q8-x86 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 4.4, AI score 6, EPSS 0.00123
Exploits 0, References 2

Snyk
added 2026/02/25 7:24 p.m., 6 views

Buffer Over-read

Overview: Magick.NET-Q16-HDRI-x86 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 4.4, AI score 6, EPSS 0.00123
Exploits 0, References 2

GitHub Security Blog
added 2026/02/25 7:24 p.m., 26 views

ImageMagick has a heap Buffer Over-read in its DJVU image format handler

A heap Buffer Over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride row size for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in out-of-bounds memory reads...

CVSS 4.4, AI score 5.7, EPSS 0.00123
Exploits 0, References 5, Affected Software 19

Snyk
added 2026/02/25 7:24 p.m., 6 views

Buffer Over-read

Overview: Affected versions of this package are vulnerable to Buffer Over-read via the DJVU image format handler. An attacker can cause out-of-bounds memory reads and potentially impact the integrity or availability of the application by supplying a specially crafted DJVU file that triggers intege...

CVSS 4.4, AI score 6, EPSS 0.00123
Exploits 0, References 2

SUSE Linux
added 2026/02/25 4:31 p.m., 4 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. CVE-2026-24675: heap-use-after-free in urbselectinterface bsc1257982. CVE-2026-24676: heap-use-after-free in audioformatcompatible bsc1257983. CVE-2026-24679: heap-buffer-overflow in...

CVSS 7.3, AI score 5.4, EPSS 0.00534
Exploits 0, References 32

OSV
added 2026/02/25 4:31 p.m., 3 views

SUSE-SU-2026:0649-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. - CVE-2026-24675: heap-use-after-free in urbselectinterface bsc1257982. - CVE-2026-24676: heap-use-after-free in audioformatcompatible bsc1257983. - CVE-2026-24679:...

CVSS 9.1, AI score 5.4, EPSS 0.00534
Exploits 0, References 17

RedhatCVE
added 2026/02/25 4:16 p.m., 4 views

CVE-2026-0400

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall...

CVSS 4.9, AI score 5.5, EPSS 0.00402
Exploits 0, References 1

Huntr
added 2026/02/25 11:32 a.m., 10 views

Incomplete Fix for CVE-2026-1669: HDF5 External Storage File Disclosure in Legacy H5 Loading

Description: Keras 3 patched CVE-2026-1669 HDF5 External Storage File Disclosure in the new .keras and .weights.h5 loading paths by adding verifydataset to check for dataset.external in H5IOStore. However, the legacy .h5 loading path keras/src/legacy/saving/legacyh5format.py was not patched. This...

CVSS 7.5, AI score 5.9, EPSS 0.00271
Exploits 0

CVE
added 2026/02/25 2:48 a.m., 12 views

CVE-2026-27629

InvenTree CVE-2026-27629 is a Server-Side Template Injection (SSTI) in PART_NAME_FORMAT prior to 1.2.3. A staff member with settings access could modify a jinja2 template used during batch code generation; after validation, this template could be used by other users to exfiltrate data or execute ...

CVSS 8.8, AI score 6, EPSS 0.00259
Exploits 0, References 1, Affected Software 1