Lucene search
K

88 matches found

RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-53467

A flaw was found in ImageMagick. The MNG decoder in ImageMagick contains a heap information disclosure vulnerability. This flaw could allow an attacker to potentially access sensitive information from memory due to parts of image pixels being left unchanged during processing. This could lead to...

5.3CVSS5.6AI score0.00197EPSS
Exploits0References4
NVD
NVD
added 4 days ago5 views

CVE-2026-53467

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versio...

5.3CVSS0.00197EPSS
Exploits0References1
Debian CVE
Debian CVE
added 4 days ago4 views

CVE-2026-53467

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versio...

5.3CVSS5.8AI score0.00197EPSS
Exploits0
NVD
NVD
added 4 days ago6 views

CVE-2025-15646

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walktree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen over-reads the heap...

9.8CVSS0.00663EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/21 1:26 p.m.6 views

EUVD-2026-38174

ImageMagick before 7.1.2-15 and 6.x before 6.9.13-40 contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byte...

6.3CVSS5.8AI score0.00223EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/21 1:26 p.m.5 views

CVE-2026-56378

ImageMagick before 7.1.2-15 and 6.x before 6.9.13-40 contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byte...

8.2CVSS5.8AI score0.00223EPSS
Exploits0
OSV
OSV
added 2026/06/13 1:38 a.m.8 views

MGASA-2026-0205 Updated libpng packages fix security vulnerabilities

LIBPNG has a use-after-free in pngsetPLTE, pngsettRNS and pngsethIST leading to corrupted chunk data and potential heap information disclosure. CVE-2026-34757 Chunk smuggling in push-mode APNG parser via unconsumed chunk body. CVE-2026-40930...

5.4CVSS5.4AI score0.00202EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.9 views

EulerOS 2.0 SP13 : glib-networking (EulerOS-SA-2026-2332)

According to the versions of the glib-networking package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in glib-networking. A malicious Transport Layer Security TLS server can exploit an out- of-bounds read and invalid free...

5.7AI score
Exploits0References2
NVD
NVD
added 2026/06/05 4:16 p.m.13 views

CVE-2026-48101

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

6.5CVSS0.00277EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/05 3:56 p.m.40 views

CVE-2026-48104 GHSL-2026-120: 7-Zip SquashFS BlockToNode uninitialized heap read

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, blockToNode is allocated with capacity for every metadata block but populated...

4.2CVSS0.00179EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 3:56 p.m.5 views

CVE-2026-48104

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, blockToNode is allocated with capacity for every metadata block but populated...

4.2CVSS5.5AI score0.00179EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/05 3:56 p.m.11 views

EUVD-2026-34853

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, blockToNode is allocated with capacity for every metadata block but populated...

4.2CVSS5.5AI score0.00179EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/05 3:17 p.m.41 views

CVE-2026-48101 GHSL-2026-117: 7-Zip UEFI Capsule uninitialized heap memory disclosure

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

6.5CVSS0.00277EPSS
Exploits1References1
CVE
CVE
added 2026/06/05 3:17 p.m.31 views

CVE-2026-48101

The CVE-2026-48101 entry concerns 7-Zip (versions 9.21–26.00) with an uninitialized heap memory disclosure in the UEFI capsule (.scap) parser. The OpenCapsule function allocates a heap buffer sized by attacker-supplied CapsuleImageSize (up to 1 GiB) without zero-initialization, then fills it via ...

6.5CVSS5.7AI score0.00277EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/05 3:17 p.m.19 views

CVE-2026-48101 GHSL-2026-117: 7-Zip UEFI Capsule uninitialized heap memory disclosure

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

6.5CVSS5.6AI score0.00277EPSS
Exploits1References1
CVE
CVE
added 2026/06/05 1:51 p.m.31 views

CVE-2026-48092

CVE-2026-48092 affects 7-Zip versions 9.34 through 26.00 on 32-bit builds. The root cause is a 32-bit integer overflow in the SquashFS ReadBlock function, allowing an attacker-controlled node.Offset to bypass the fragment bounds check and cause memcpy to read heap memory into the extracted file, ...

8.1CVSS5.7AI score0.00324EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/05 1:51 p.m.7 views

CVE-2026-48092

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer overflow in the SquashFS ReadBlock function allows an attacker-controlled node.Offset value to bypass...

8.1CVSS5.6AI score0.00324EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:3 a.m.8 views

CVE-2026-8829

HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...

5.9AI score0.0031EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 2:3 a.m.14 views

EUVD-2026-34194

HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...

7.5CVSS5.9AI score0.0031EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.9 views

Amazon Linux 2023 : libpng, libpng-devel, libpng-static (ALAS2023-2026-1670)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1670 advisory. Use-after-free in pngsetPLTE, pngsettRNS and pngsethIST in libpng before 1.6.57. Passing a pointer returned by the corresponding getter back into the setter causes the setter to read from a stale point...

5.1CVSS5.8AI score0.00195EPSS
Exploits1References4
Rows per page
Query Builder