2680 matches found

Positive Technologies
added 2025/04/08 12:0 a.m. · 5 views

PT-2025-15336 · Unknown · Sticker Center

Name of the Vulnerable Software and Affected Versions: Sticker Center versions prior to SMR Apr-2025 Release 1 Description: The issue is related to improper access control in the Sticker Center, allowing local attackers to access image files with system privileges. Recommendations: For versions...

CVSS 5.5 · AI score 6.2 · EPSS 0.00125
Exploits: 0 · References: 4

BDU FSTEC
added 2025/03/13 12:0 a.m. · 3 views

The vulnerability of the TIFF Image development platform QNX SDP allows attackers to disclose protected information.

The vulnerability of the TIFF Image development platform QNX SDP is related to an off-by-one error. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by the system’s security measures...

CVSS 5.3 · AI score 5.4 · EPSS 0.00353
Exploits: 0 · References: 2 · Affected Software: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. · 11 views

Linux Distros Unpatched Vulnerability : CVE-2023-3576

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafte...

CVSS 5.5 · AI score 6.5 · EPSS 0.00341
Exploits: 0 · References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-12601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenCV Open Source Computer Vision Library through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmtbmp.cpp when...

CVSS 8.8 · AI score 7.3 · EPSS 0.02071
Exploits: 0 · References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2017-12603

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenCV Open Source Computer Vision Library through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when...

CVSS 8.8 · AI score 6.9 · EPSS 0.0197
Exploits: 0 · References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. · 11 views

Linux Distros Unpatched Vulnerability : CVE-2017-12451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bfdxcoffreadarhdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils...

CVSS 7.8 · AI score 7.2 · EPSS 0.01493
Exploits: 0 · References: 3

OSV
added 2025/02/28 3:32 p.m. · 4 views

OESA-2025-1198 exiv2 security update

Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fixes: Exiv2 is a C++ library and a...

CVSS 9.8 · AI score 7.5 · EPSS 0.00816
Exploits: 1 · References: 2

Veracode
added 2025/02/27 6:7 a.m. · 11 views

Heap Buffer Overflow

libexiv2.so is vulnerable to a Heap Buffer Overflow. The overflow is triggered when writing metadata into a crafted image file; an attacker could exploit this to achieve code execution if a victim processes a malicious image with Exiv2...

CVSS 9.8 · AI score 7.5 · EPSS 0.00816
Exploits: 1 · References: 4 · Affected Software: 2

CNNVD
added 2025/02/12 12:0 a.m. · 1 views

OpenSearch Dashboards Reports security vulnerability

OpenSearch Dashboards Reports is an OpenSearch open source application. It is used to export and automate PNG, PDF and CSV reports in OpenSearch Dashboard. A security vulnerability exists in OpenSearch Dashboards Reports version 2.19, which stems from the Dashboards Reports module containing a...

CVSS 6.4 · AI score 7 · EPSS 0.00557
Exploits: 2 · References: 7

AstraLinux
added 2025/02/11 7:35 a.m. · 2 views

Astra Linux - vulnerability in imagemagick

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service...

CVSS 5.5 · AI score 7.1 · EPSS 0.00503
Exploits: 1 · References: 3

OSV
added 2025/02/09 12:19 a.m. · 11 views

MGASA-2025-0046 Updated qtbase5 & qtbase6 packages fix security vulnerabilities

network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVE-2023-51714 A buffer overflow and application crash can occur via a crafted KTX image file. CVE-2024-25580 Code to make security-relevant decisions about an established connection may execute too early, because...

CVSS 9.8 · AI score 7.3 · EPSS 0.00986
Exploits: 0 · References: 4

RedhatCVE
added 2025/02/06 4:12 a.m. · 11 views

CVE-2021-22205

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution...

CVSS 10 · AI score 9.6 · EPSS 0.99731
Exploits: 30 · References: 1

SUSE Linux
added 2025/02/03 9:1 a.m. · 2 views

Security update for tiff

This update for tiff fixes the following issues: CVE-2024-7006: Fix pointer deref in tifdirinfo.c bsc1228924 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for you...

CVSS 6.7 · AI score 7.3 · EPSS 0.01516
Exploits: 0 · References: 4

Amazon
added 2025/01/24 12:0 a.m. · 3 views

Medium: openjpeg2

Issue Overview: openjpeg: denial of service via crafted image file CVE-2023-39328 Affected Packages: openjpeg2 Issue Correction: Run dnf update openjpeg2 --releasever 2023.6.20250123 or dnf update --advisory ALAS2023-2025-821 --releasever 2023.6.20250123 to update your system. More information on...

CVSS 5.5 · AI score 6.9 · EPSS 0.00208
Exploits: 0

NVD
added 2025/01/22 8:15 a.m. · 14 views

CVE-2024-13361

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 8.8 · EPSS 0.00296
Exploits: 0 · References: 2

OSV
added 2025/01/06 12:15 a.m. · 1 views

CVE-2024-13144

A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It...

CVSS 9.8 · AI score 5.5 · EPSS 0.00411
Exploits: 1 · References: 5

Positive Technologies
added 2025/01/06 12:0 a.m. · 3 views

PT-2025-2030 · Unknown · Zhenfeng13 My-Blog

Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog version 1.0 Description: A critical vulnerability has been found in the software. It affects the uploadFileByEditomd function in the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The...

CVSS 9.8 · AI score 6.7 · EPSS 0.00411
Exploits: 1 · References: 12

CNNVD
added 2025/01/06 12:0 a.m. · 3 views

My-Blog code issue vulnerability

My-Blog is a Java blog system implemented by SpringBoot + Mybatis + Thymeleaf and other technologies, with beautiful pages, full functionality, easy deployment and perfect code. A code issue exists in My-Blog version 1.0, which stems from an incorrect operation of the parameter editormd-image-fil...

CVSS 9.8 · AI score 6.6 · EPSS 0.00411
Exploits: 1 · References: 5

OSSF Malicious Packages
added 2024/12/24 5:49 p.m. · 3 views

Malicious code in handyfiles (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 381cd796d4e5fce8fb62c337374b5303e0b2466d67467efc95cbc4d7d8248dd4 During the installation, the package iterates its files and attempts to import a hidden module - which is embedded as ZIP archive in the image file --- Categor...

AI score 7.5
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/11 12:0 a.m. · 4 views

PT-2024-17649 · Tungsten Automation · Tungsten Automation Power Pdf

Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this,...

CVSS 7.8 · AI score 7.1 · EPSS 0.00397
Exploits: 0 · References: 6