Lucene search

280 matches found

RedHat Linux
added 2025/05/07 9:46 a.m. | 7 views

Moderate: Red Hat Security Advisory: libtiff security update

An update for libtiff is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.8 | AI score 6.9 | EPSS 0.10639
Exploits: 1 | References: 2
OSV
added 2025/05/07 12:0 a.m. | 8 views

ALSA-2025:4658 Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service (CVE-2017-17095). For more details about the security issues, including the impact, a CVSS...

CVSS 8.8 | AI score 7.1 | EPSS 0.10639
Exploits: 1 | References: 4
AlmaLinux
added 2025/05/07 12:0 a.m. | 15 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service (CVE-2017-17095). For more details about the security issues, including the impact, a CVSS...

CVSS 8.8 | AI score 8.9 | EPSS 0.10639
Exploits: 1 | References: 4
OSV
added 2025/05/06 10:57 a.m. | 2 views

SUSE-SU-2025:1489-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2025-43965: mishandling of image depth after SetQuantumFormat is used in MIFF image processing. bsc1241659...

CVSS 7.5 | AI score 5.8 | EPSS 0.00466
Exploits: 0 | References: 3
Snyk
added 2025/04/23 3:47 p.m. | 1 views

Incorrect Calculation of Buffer Size

Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size due to mishandling of image depth after SetQuantumFormat is used. An attacker can manipulate the image processing results by submitting a specially crafted MIFF file. Remediation A fix was pushed int...

CVSS 7.5 | AI score 6.9 | EPSS 0.00466
Exploits: 0 | References: 2
OSV
added 2025/04/23 3:16 p.m. | 0 views

UBUNTU-CVE-2025-46393

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...

CVSS 5.3 | AI score 5.9 | EPSS 0.00348
Exploits: 0 | References: 4
CNNVD
added 2025/02/12 12:0 a.m. | 1 views

OpenSearch Dashboards Reports Security Vulnerability

OpenSearch Dashboards Reports is an OpenSearch open source application. It is used to export and automate PNG, PDF and CSV reports in OpenSearch Dashboard. A security vulnerability exists in OpenSearch Dashboards Reports version 2.19, which stems from the Dashboards Reports module containing a...

CVSS 6.4 | AI score 7 | EPSS 0.00557
Exploits: 2 | References: 7
SUSE Linux
added 2025/02/03 9:1 a.m. | 2 views

Security update for tiff

This update for tiff fixes the following issues: CVE-2024-7006: Fix pointer deref in tifdirinfo.c bsc1228924 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for you...

CVSS 6.7 | AI score 7.3 | EPSS 0.01516
Exploits: 0 | References: 4
OSV
added 2024/11/08 3:56 p.m. | 15 views

RLSA-2024:8833 Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: NULL pointer dereference in tifdirinfo.c (CVE-2024-7006). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

CVSS 7.5 | AI score 7.8 | EPSS 0.01516
Exploits: 0 | References: 2
Fedora
added 2024/10/25 2:9 a.m. | 29 views

[SECURITY] Fedora 40 Update: libtiff-4.6.0-5.fc40.1

The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

CVSS 7.5 | AI score 7.1 | EPSS 0.02187
Exploits: 0
CNNVD
added 2024/10/15 12:0 a.m. | 2 views

libheif Security Vulnerability

libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder from struktur open source. A security vulnerability exists in libheif version 1.17.6, which stems from insufficient checks when decoding HEIF files containing forged offsets, which could lead to out-of-bounds reads and write...

CVSS 8.1 | AI score 8.1 | EPSS 0.00825
Exploits: 1 | References: 5
BDU FSTEC
added 2024/09/26 12:0 a.m. | 5 views

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software, related to the occurrence of operations outside the buffer in memory, allows attackers to disclose protected information.

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially created TIF file...

CVSS 3.3 | AI score 6.2 | EPSS 0.00371
Exploits: 0 | References: 5 | Affected Software: 1
Tenable Nessus
added 2024/08/07 12:0 a.m. | 32 views

RHEL 8 : libtiff (RHSA-2024:5079)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5079 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Heap-base...

CVSS 8.8 | AI score 7.2 | EPSS 0.03969
Exploits: 2 | References: 11
OSV
added 2024/07/15 7:15 p.m. | 25 views

CVE-2024-40630 HEIF Heap OOB Read in OpenImageIO

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input...

CVSS 4.3 | AI score 5.9 | EPSS 0.00423
Exploits: 0 | References: 5
SUSE CVE
added 2024/02/17 3:21 a.m. | 2 views

SUSE CVE-2024-25580

An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file...

CVSS 6.2 | AI score 8.3 | EPSS 0.00321
Exploits: 0 | References: 3
RedHat Linux
added 2024/02/05 11:33 a.m. | 2 views

gimp: dds buffer overflow RCE

A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious DDS file, possibly enabling the execution of unauthorized code within the GIMP process...

CVSS 7.8 | AI score 6 | EPSS 0.27307
Exploits: 0 | References: 6
CNNVD
added 2023/11/24 12:0 a.m. | 2 views

LibTIFF Security Vulnerability

LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains some command line tools for working with TIFF files. A security vulnerability exists in LibTIFF, which stems from a lack of memory, where passing a carefully crafted tiff file to the TIFFOpen AP...

CVSS 6.5 | AI score 6.9 | EPSS 0.01825
Exploits: 1 | References: 5
CNNVD
added 2023/10/04 12:0 a.m. | 2 views

LibTIFF Security Vulnerability

LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains some command line tools for working with TIFF files. A security vulnerability exists in LibTIFF that stems from a memory leak when tiffcrop operates on TIFF image files, causing the application ...

CVSS 5.5 | AI score 6.8 | EPSS 0.00341
Exploits: 0 | References: 6
CNNVD
added 2023/09/05 12:0 a.m. | 2 views

Imaging Input Validation Error Vulnerability

Imaging is a simple Go image processing package from the individual developer Grigory Dryapak. A security vulnerability exists in Imaging version 1.6.2, which stems from a vulnerability that allows an attacker to cause a panic in the scanning functionality of Scanner.go via a crafted TIFF file...

CVSS 5.5 | AI score 6.7 | EPSS 0.00353
Exploits: 1 | References: 2
BDU FSTEC
added 2023/08/31 12:0 a.m. | 4 views

The vulnerability of the 3D viewing tool JT JT2Go, the Product Lifecycle Management system Teamcenter Visualization, and the design and simulation tools set by Siemens Solid Edge allows a malicious actor to execute arbitrary code within the context of the current process.

The vulnerability of the 3D viewing tool JT JT2Go, the product lifecycle management system Teamcenter Visualization, and the design and simulation tools set by Siemens Solid Edge relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows an attacker t...

CVSS 7.8 | AI score 8 | EPSS 0.00275
Exploits: 0 | References: 2 | Affected Software: 2