Lucene search
+L

486 matches found

EUVD
EUVD
added last week9 views

EUVD-2026-43186

ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...

6.3CVSS6.1AI score0.00265EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-59938

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large...

6.9CVSS6.1AI score0.00303EPSS
Exploits0References3
NVD
NVD
added 2026/07/08 6:16 p.m.12 views

CVE-2026-59938

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS0.00303EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/08 5:24 p.m.7 views

CVE-2026-59938

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS6AI score0.00303EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56528

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.14.0 Description An attacker can craft a PDF file with declared image size values that are significantly larger than the actual data. This leads to excessive memory consumption during the image parsing process within...

6.9CVSS6AI score0.00303EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/06 8:9 p.m.6 views

EUVD-2026-41926

Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks...

5.3CVSS6.1AI score0.0006EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:29 p.m.7 views

CVE-2026-58379

A flaw was found in GIMP's Paint Shop Pro PSP file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service DoS by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the...

7.3CVSS6.7AI score0.00233EPSS
Exploits0References6
OSV
OSV
added 2026/06/16 4:50 p.m.2 views

CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing

A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the xpmNextWord function by processing a specially crafted or very small XPM X PixMap image file. This improper validation of file boundaries can cause an internal pointer to read...

5.5CVSS5.9AI score0.00129EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/06/15 2:6 a.m.13 views

Important: Red Hat Security Advisory: gimp security update

An update for gimp is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8CVSS7.9AI score0.00755EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.19 views

RHEL 9 : gimp (RHSA-2026:25899)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25899 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

7.8CVSS8AI score0.00755EPSS
Exploits1References12
AlpineLinux
AlpineLinux
added 2026/06/05 3:19 p.m.8 views

CVE-2026-48102

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse CPP/7zip/Archive/Udf/UdfIn.cpp, after validating size 38 + idLen + impLen and...

4.3CVSS5.5AI score0.00189EPSS
Exploits1References1
OSV
OSV
added 2026/05/27 2:17 p.m.7 views

UBUNTU-CVE-2026-46072

In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to rununpack rununpack checks runbuf runlast at the top of the while loop but then reads sizesize and offsetsize bytes via rununpacks64 without verifying they fit within the remaining buffer. A...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in openimageio

A read vulnerability exists in the handling of IPTC data when parsing TIFF images in OpenImageIO v2.3.19.0. A specially crafted TIFF file can cause a read of adjacent heap memory, potentially exposing sensitive process information. An attacker can provide a malicious file to exploit this...

9.1CVSS8AI score0.01458EPSS
Exploits1References2
NVD
NVD
added 2026/05/19 7:16 a.m.24 views

CVE-2026-8813

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...

8.7CVSS0.00528EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/19 5:0 a.m.11 views

CVE-2026-8813

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...

8.7CVSS5.8AI score0.00528EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 5:0 a.m.40 views

CVE-2026-8813

CVE-2026-8813 affects exifreader before 4.39.0. A crafted ICC profile mluc tag allows an attacker-controlled record count with a zero record size, causing the parser to repeatedly process the same records and grow memory usage, leading to DoS. Proof-of-concept in SNYK shows a large loop with mluc...

8.7CVSS5.8AI score0.00528EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 5:0 a.m.10 views

CVE-2026-8813

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...

8.7CVSS5.8AI score0.00528EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/19 5:0 a.m.58 views

CVE-2026-8813

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...

8.7CVSS0.00528EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.9 views

RHEL 8 : gimp:2.8 (RHSA-2026:17533)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17533 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

7.8CVSS7.5AI score0.00755EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.17 views

PT-2026-40358

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References2
Rows per page
Query Builder