2680 matches found
CVE-2019-19790
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart...
CVE-2019-13647
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$fileid$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in...
CVE-2018-15815
FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file...
CVE-2018-15814
FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file...
CVE-2018-15816
FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file...
CVE-2018-15817
FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file...
CVE-2019-13981
In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads//originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer...
CVE-2011-2772
The getdatarootimagepath function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image...
CVE-2010-4732
cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to...
CVE-2025-4912
A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/updatestudent.php of the component Image File Handler. The manipulation of the argument oldphoto lea...
Moderate: Red Hat Security Advisory: libtiff security update
An update for libtiff is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
ALSA-2025:4658 Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service (CVE-2017-17095). For more details about the security issues, including the impact, a CVSS...
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service (CVE-2017-17095). For more details about the security issues, including the impact, a CVSS...
SUSE-SU-2025:1489-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2025-43965: mishandling of image depth after SetQuantumFormat is used in MIFF image processing. bsc1241659...
Incorrect Calculation of Buffer Size
Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size due to mishandling of image depth after SetQuantumFormat is used. An attacker can manipulate the image processing results by submitting a specially crafted MIFF file. Remediation A fix was pushed int...
UBUNTU-CVE-2025-46393
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...
CVE-2025-3830
A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricte...
KuangSimpleBBS Code Issue Vulnerability
KuangSimpleBBS is a forum tutorial project by the individual developer of kuangstudy. A code issue vulnerability exists in KuangSimpleBBS version 1.0, which originates from an unlimited upload due to incorrect operation of the parameter editormd-image-file in the file...
Autodesk AutoCAD and Autodesk Revit Buffer Error Vulnerability
Autodesk AutoCAD and Autodesk Revit are both products of Autodesk, Inc. of the U.S.A. Autodesk AutoCAD is a suite of professional 3D drawing software. Autodesk Revit is a suite of building information modeling software. A security vulnerability exists in Autodesk AutoCAD and Autodesk Revit that...
CLSA-2025-1744116383 libtiff: Fix of 4 CVEs
CVE-2024-7006: check return value of TIFFCreateAnonField to avoid potential DoS via memory allocation failures - CVE-2023-6228: validate input image codec in tiffcp to prevent heap-based buffer overflow and potential application crash - CVE-2022-40090: improve IFD loop handling in...