
23119 matches found

OSV
added 2025/07/03 12:0 a.m. · 5 views

OSV-2025-512 Invalid-free in pdf_decodestream

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=428754704 Crash type: Invalid-free Crash state: pdf_decodestream pdf_extract_obj cli_pdf...

7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2025/07/03 12:0 a.m. · 5 views

PT-2025-34466 · Git · Clamav

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=428754704 Crash type: Invalid-free Crash state: pdf_decodestream pdf_extract_obj cli_pdf...

7.3 AI score
Exploits 0 · References 2
Tenable Nessus
added 2025/07/03 12:0 a.m. · 7 views

SUSE SLED15: clamav / clamav-devel / clamav-docs-html / clamav-milter / etc (SUSE-SU-2025:02200-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02200-1 advisory. ClamAV version 1.4.3: CVE-2025-20260: PDF Scanning Buffer Overflow Vulnerability (bsc#1245054). ...

9.8 CVSS · 7.1 AI score · 0.01535 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2025/07/03 12:0 a.m. · 12 views

Python Library Pillow 11.2.x < 11.3.0 Write Buffer Overflow

The detected version of the Pillow Python package, Pillow, is 11.2.x prior to 11.3.0. It is, therefore, affected by a write buffer overflow vulnerability. There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing int...

7.1 CVSS · 7.1 AI score · 0.00261 EPSS
Exploits 1 · References 2
BDU FSTEC
added 2025/07/03 12:0 a.m. · 24 views

The vulnerability of the library for working with the DICOM format in DCMT, related to the occurrence of operations outside the buffer in memory, allows a malicious actor to trigger a service failure.

The vulnerability of the library for working with the DICOM format in DCMT is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially created DICOM file...

8.4 CVSS · 7.3 AI score · 0.0061 EPSS
Exploits 2 · References 10 · Affected Software 5
SUSE CVE
added 2025/07/02 11:21 p.m. · 2 views

SUSE CVE-2025-48379

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

7.8 CVSS · 7.3 AI score · 0.00261 EPSS
Exploits 1 · References 3
SUSE Linux
added 2025/07/02 1:4 p.m. · 2 views

Security update for clamav

This update for clamav fixes the following issues: ClamAV version 1.4.3: CVE-2025-20260: PDF Scanning Buffer Overflow Vulnerability (bsc#1245054). CVE-2025-20234: Vulnerability in Universal Disk Format (UDF) processing (bsc#1245055). Other bugfixes: Fix a race condition between the mockup servers started...

8.1 CVSS · 7.3 AI score · 0.01535 EPSS
Exploits 0 · References 10
RedHat Linux
added 2025/07/01 7:51 p.m. · 4 views

thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...

6.5 CVSS · 7.3 AI score · 0.00466 EPSS
Exploits 0 · References 5
NVD
added 2025/07/01 7:15 p.m. · 8 views

CVE-2025-48379

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

7.1 CVSS · 0.00261 EPSS
Exploits 1 · References 4
PyPA
added 2025/07/01 7:15 p.m. · 17 views

PYSEC-2025-61

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

7.1 CVSS · 7.3 AI score · 0.00261 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2025/07/01 7:15 p.m. · 5 views

PYSEC-2025-61

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

7.1 CVSS · 7.6 AI score · 0.00261 EPSS
Exploits 1 · References 4
OSV
added 2025/07/01 7:15 p.m. · 2 views

UBUNTU-CVE-2025-48379

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

7.1 CVSS · 7 AI score · 0.00261 EPSS
Exploits 1 · References 6
Vulnrichment
added 2025/07/01 6:33 p.m. · 2 views

CVE-2025-48379 Pillow Vulnerable to Write Buffer Overflow on BCn encoding

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

7.1 CVSS · 7.7 AI score · 0.00261 EPSS
Exploits 1 · References 4
Cvelist
added 2025/07/01 6:33 p.m. · 5 views

CVE-2025-48379 Pillow Vulnerable to Write Buffer Overflow on BCn encoding

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

7.1 CVSS · 0.00261 EPSS
Exploits 1 · References 4
CVE
added 2025/07/01 6:33 p.m. · 122 views

CVE-2025-48379

CVE-2025-48379 (Pillow) Vulnerability: Pillow (Python imaging library) versions 11.2.0 through before 11.3.0 contain a heap buffer overflow when saving large (>64k) images in DDS format, caused by writing into a buffer without checking available space. The issue affects users who save untruste...

7.1 CVSS · 7.7 AI score · 0.00261 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2025/07/01 6:33 p.m. · 3 views

CVE-2025-48379 Pillow Vulnerable to Write Buffer Overflow on BCn encoding

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

7.1 CVSS · 7 AI score · 0.00261 EPSS
Exploits 1 · References 6
OSV
added 2025/07/01 5:29 p.m. · 2 views

GHSA-XG8H-J46F-W952 Pillow vulnerability can cause write buffer overflow on BCn encoding

There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. Unclear how large the potential...

7.1 CVSS · 6.5 AI score · 0.00261 EPSS
Exploits 1 · References 7
Github Security Blog
added 2025/07/01 5:29 p.m. · 10 views

Pillow vulnerability can cause write buffer overflow on BCn encoding

There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. Unclear how large the potential...

7.1 CVSS · 7.6 AI score · 0.00261 EPSS
Exploits 1 · References 7 · Affected Software 1
Positive Technologies
added 2025/07/01 12:0 a.m. · 3 views

PT-2025-27574 · Pillow · Pillow

Name of the Vulnerable Software and Affected Versions: Pillow versions 11.2.0 through 11.2.x Description: The issue is a heap buffer overflow that occurs when writing a sufficiently large image in the DDS format. This happens because the library writes into a buffer without checking for available...

7.1 CVSS · 7.5 AI score · 0.00261 EPSS
Exploits 1 · References 16
SUSE CVE
added 2025/06/30 11:42 p.m. · 4 views

SUSE CVE-2025-6856

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used...

7.8 CVSS · 3.5 AI score · 0.00198 EPSS
Exploits 1 · References 3