Lucene search
+L

50 matches found

Github Security Blog
Github Security Blog
added 2 hours ago6 views

ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes

Summary ExifReader 4.40.0 can throw an uncaught RangeError: Offset is outside the bounds of the DataView while parsing crafted HEIC/AVIF files. The file only needs a valid leading ftyp box with a HEIC/AVIF major brand followed by a malformed ISO-BMFF box, such as an empty 8-byte free box or a...

5.6AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2 hours ago5 views

NPM: ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes

NPM: ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes vulnerability discovered by ? in WordPress Npm exifreader versions = 4.40.0...

5.3AI score
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/08 3:9 p.m.8 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34589 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34589 Source advisory: OSV:GHSA-P8XC-W3Q4-H64X...

8.8CVSS5.7AI score0.00419EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/08 3:9 p.m.6 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34588 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34588 Source advisory: OSV:GHSA-588R-CR5C-W6HF...

8.8CVSS7AI score0.00482EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/06 5:51 p.m.6 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-26981 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-26981 Source advisory: OSV:GHSA-Q6VJ-WXVF-5M8C...

6.5CVSS5.7AI score0.00523EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/06 5:51 p.m.6 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-64182 via openexr (=3.4.12)

openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...

7.8CVSS7AI score0.00237EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/06 5:51 p.m.7 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-64181 via openexr (=3.4.12)

openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...

7.5CVSS7AI score0.00373EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/06 4:9 p.m.8 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34379 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34379 Source advisory: SNYK:PYTHON-OPENEXR-15993246...

7.1CVSS5.7AI score0.00283EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/02 6:30 p.m.4 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-27622 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-27622 Source advisory: OSV:GHSA-CR4V-6JM6-4963...

8.4CVSS7AI score0.00201EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2025/12/23 9:41 p.m.5 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-12840 via openexr (=3.4.12)

openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...

7.8CVSS7AI score0.00158EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/12/23 9:41 p.m.6 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-12495 via openexr (=3.4.12)

openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...

7.8CVSS7AI score0.00158EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/11/10 9:42 p.m.4 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-64183 via openexr (=3.4.12)

openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...

7.5CVSS7AI score0.00294EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 6:27 a.m.6 views

CVE-2024-48514

php-heic-to-jpg = 1.0.5 is vulnerable to code injection fixed in 1.0.6. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below...

9.8CVSS7.6AI score0.00961EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/09 5:18 a.m.4 views

Malicious code in sharp-heic (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db9ffb0551887208262a5445e00bde6f964551601c407e01dfd493ef1b144e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/04/09 5:18 a.m.4 views

MAL-2025-3198 Malicious code in sharp-heic (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db9ffb0551887208262a5445e00bde6f964551601c407e01dfd493ef1b144e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Veracode
Veracode
added 2024/10/28 6:23 a.m.7 views

Remote Code Execution

php-heic-to-jpg is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of HEIC image uploads, allowing an attacker to execute code on the remote server via the image file name...

9.8CVSS7.6AI score0.00961EPSS
Exploits1References7Affected Software1
Snyk
Snyk
added 2024/10/24 6:30 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the file name. An attacker who can upload heic images is able to execute code on the remote server. Remediation Upgrade maestroerror/php-heic-to-jpg to version 1.0.5 or higher. References - GitHub Commit -...

9.8CVSS8.1AI score0.00961EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/10/24 6:30 p.m.17 views

Remote code execution in php-heic-to-jpg

php-heic-to-jpg 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg below 1.0.5...

9.8CVSS9.7AI score0.00961EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2024/10/24 6:30 p.m.11 views

GHSA-G8V9-C8M3-942V Remote code execution in php-heic-to-jpg

php-heic-to-jpg 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg below 1.0.5...

9.8CVSS9.8AI score0.00961EPSS
Exploits1References6
NVD
NVD
added 2024/10/24 6:15 p.m.17 views

CVE-2024-48514

php-heic-to-jpg = 1.0.5 is vulnerable to code injection fixed in 1.0.6. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below...

9.8CVSS0.00961EPSS
Exploits1References4
Rows per page
Query Builder