Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0144-1 Rating: important References: 1261157 1261488 Cross-References: CVE-2026-35537 Affected Products: openSUSE Backports SLE-15-SP6 An update that solves one vulnerability and has one errata is now...

UBUNTU-CVE-2026-40494

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

UBUNTU-CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVE-2026-40494

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

CVE-2026-6384 Gimp: gimp: arbitrary code execution or denial of service via buffer overflow in gif image processing

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsImage function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution...

Fedora 43 : roundcubemail (2026-8ba1a085a9)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-8ba1a085a9 advisory. Version 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the...

Updated roundcubemail packages fix security vulnerability

SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke And some regressions from the last fix are fixed...

MGASA-2026-0089 Updated roundcubemail packages fix security vulnerability

SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke And some regressions from the last fix are fixed...

CVE-2026-35444

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the remote image blocking process. An attacker can cause unauthorized remote image loading by embedding specially crafted SVG content with animate elements using attributes such as fill,...

CLSA-2026-1773308764 Fix CVE(s): CVE-2026-25796, CVE-2026-25798, CVE-2026-25799, CVE-2026-26066

SECURITY UPDATE: denial-of-service via division-by-zero in image loading - debian/patches/CVE-2026-25799.patch: Fix sampling-factor validation by replacing incorrect AND with OR in horizontal/vertical axis checks and prevent acceptance of invalid sampling caused by flawed boolean logic. -...

CLSA-2026-1773225871 Fix CVE(s): CVE-2026-25796, CVE-2026-25798, CVE-2026-25799, CVE-2026-26066

SECURITY UPDATE: division-by-zero during image loading resulting in reliable denial-of-service - debian/patches/CVE-2026-25799.patch: Fix sampling-factor validation by replacing && with || so invalid horizontal or vertical factors trigger an error; cause: incorrect boolean expression required bot...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal in detectAndLoadPromptImages or loadImageFromRef. An attacker can access and load image data from out-of-workspace paths by referencing mounted paths in prompt text...

Division by zero

Overview Affected versions of this package are vulnerable to Division by zero via the TransformImageColorspace function. An attacker can cause a crash and disrupt service availability by providing a specially crafted YUV image with invalid sampling factors that trigger a division-by-zero during...

Division by zero

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Division by zero

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Division by zero

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Division by zero

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Division by zero

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...