2674 matches found
exiv2 -- Denial-of-service
Kevin Backhouse reports: A denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata can cause Exiv2 to run for a long time. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying th...
CVE-2025-20347
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
[SECURITY] Fedora 42 Update: libtiff-4.7.0-8.fc42
The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...
[SECURITY] Fedora 41 Update: libtiff-4.6.0-6.fc41.2
The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...
Linux Distros Unpatched Vulnerability : CVE-2020-9489
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or...
Heap-based Buffer Overflow
Overview: Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs at https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Heap-based Buffer Overflow
Overview: Magick.NET-Q16-AnyCPU is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs at https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview: Magick.NET-Q8-AnyCPU is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs at https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview: Magick.NET-Q8-OpenMP-x64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs at https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
ImageMagick has a heap-buffer-overflow
Summary: While processing a crafted TIFF file, imagemagick crashes. Details: Following is the imagemagick version: imagemagickgit/build26jun23/bin/magick --version Version: ImageMagick 7.1.1-13 Beta Q16-HDRI x86_64 56f478940:20230625 https://imagemagick.org Copyright: (C) 1999 ImageMagick Studio LLC...
Heap-based Buffer Overflow
Overview: Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs at https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Heap-based Buffer Overflow
Overview: Magick.NET-Q8-arm64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs at https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the processing of crafted TIFF files. An attacker can cause the application to crash by supplying a specially crafted file. Remediation: A fix was pushed into the master branch but not yet published...
CVE-2025-35984
A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the image decoding process. An attacker can execute arbitrary code by supplying a specially crafted .pcx file and convincing the target to process it. Remediation: Upgrade sail to version 0.9.10 or higher...
Linux Distros Unpatched Vulnerability : CVE-2019-5052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulti...
Linux Distros Unpatched Vulnerability : CVE-2017-2899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif'...
CVE-2025-9145
A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...
macOS 14.x < 14.7.8 (124928)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.7.8. It is, therefore, affected by a vulnerability: - Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticat...
macOS 13.x < 13.7.8 (124929)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.7.8. It is, therefore, affected by a vulnerability: - Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticat...