
2674 matches found

OSV
added 2025/12/02 9:2 a.m. | 5 views

RLSA-2025:22417 Important: gimp:2.8 security update

The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP DCM...

CVSS 7.8 | AI score 7.2 | EPSS 0.00743
Exploits: 0 | References: 8
EUVD
added 2025/12/02 1:24 a.m. | 2 views

EUVD-2025-200141

Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVSS 4.3 | AI score 6.4 | EPSS 0.00043
Exploits: 0 | References: 2
Cvelist
added 2025/12/02 1:24 a.m. | 5 views

CVE-2025-58477

Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVSS 4.3 | EPSS 0.00043
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/02 12:0 a.m. | 3 views

PT-2025-48595

Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVSS 4.3 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 2
OSV
added 2025/11/25 10:18 p.m. | 2 views

JLSEC-2025-262 Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a c...

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045...

CVSS 6.5 | AI score 6.6 | EPSS 0.00035
Exploits: 1 | References: 8
OSV
added 2025/11/25 10:18 p.m. | 2 views

JLSEC-2025-272 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via ...

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010...

CVSS 6.5 | AI score 6.8 | EPSS 0.00092
Exploits: 1 | References: 8
OSV
added 2025/11/25 10:18 p.m. | 3 views

JLSEC-2025-263 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3....

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

CVSS 7.1 | AI score 6.9 | EPSS 0.00029
Exploits: 1 | References: 9
OSV
added 2025/11/25 10:18 p.m. | 2 views

JLSEC-2025-298 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to...

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127...

CVSS 6.8 | AI score 8.2 | EPSS 0.00019
Exploits: 1 | References: 8
OSV
added 2025/11/25 10:18 p.m. | 2 views

JLSEC-2025-314 A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcro...

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file...

CVSS 5.5 | AI score 6.4 | EPSS 0.0001
Exploits: 0 | References: 3
OSV
added 2025/11/20 3:50 p.m. | 2 views

USN-7877-1 libcupsfilters vulnerabilities

It was discovered that libcupsfilters incorrectly handled certain malformed TIFF image files. A remote attacker could use this issue to cause libcupsfilters to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-57812 It was discovered that libcupsfilters...

CVSS 4 | AI score 6 | EPSS 0.00045
Exploits: 2 | References: 3
Tenable Nessus
added 2025/11/20 12:0 a.m. | 3 views

TencentOS Server 3: gimp:2.8 (TSSA-2025:0473)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0473 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 8.8 | AI score 8 | EPSS 0.01642
Exploits: 0 | References: 4
Cvelist
added 2025/11/18 9:27 a.m. | 4 views

CVE-2025-4212 Checkout Files Upload for WooCommerce <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting

The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 7.2 | EPSS 0.00112
Exploits: 0 | References: 2
OSV
added 2025/11/12 6:46 p.m. | 2 views

CVE-2025-57812 [BIGSLEEP-434612419] CUPS-Filters has heap-buffer-overflow write in `cfImageLut()`

CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17...

CVSS 3.7 | AI score 6.7 | EPSS 0.00026
Exploits: 1 | References: 8
EUVD
added 2025/11/12 6:31 p.m. | 3 views

EUVD-2025-131923

A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS 7.8 | AI score 7.2 | EPSS 0.00029
Exploits: 0 | References: 2
Tenable Nessus
added 2025/11/10 12:0 a.m. | 2 views

RHEL 8 : libtiff (RHSA-2025:19947)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:19947 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Libtiff...

CVSS 8.8 | AI score 6.1 | EPSS 0.00053
Exploits: 0 | References: 4
Fedora
added 2025/11/06 2:24 a.m. | 4 views

[SECURITY] Fedora 42 Update: qt5-qtimageformats-5.15.18-1.fc42

The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats, including: MNG, TGA,...

AI score 7
Exploits: 0
OSV
added 2025/11/03 9:48 p.m. | 4 views

GHSA-J945-QM58-4GJX motionEye vulnerable to RCE via unsanitized motion config parameter

Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...

CVSS 7.2 | AI score 8.6 | EPSS 0.57917
Exploits: 16 | References: 4
Snyk
added 2025/11/03 9:48 p.m. | 3 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the Web UI. An attacker can execute arbitrary system commands by supplying crafted input to configuration fields such as imagefilename and moviefilename, that are written directly to...

CVSS 8.6 | AI score 6 | EPSS 0.57917
Exploits: 16 | References: 3
OSV
added 2025/11/02 9:8 a.m. | 5 views

RLSA-2025:19156 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Libtiff Write-What-Where CVE-2025-9900 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

CVSS 8.8 | AI score 6.9 | EPSS 0.00053
Exploits: 0 | References: 2
OSV
added 2025/11/01 8:0 a.m. | 5 views

RLSA-2025:19276 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Libtiff Write-What-Where CVE-2025-9900 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

CVSS 8.8 | AI score 6.9 | EPSS 0.00053
Exploits: 0 | References: 2