OSV-2026-828 Use-of-uninitialized-value in ReadContainer

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=517870853 Crash type: Use-of-uninitialized-value Crash state: ReadContainer PKImageDecodeInitializeWMP PKCodecFactoryCreateDecoderFromFile...

CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

PT-2026-32144

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions up to 0.8.1 Description A security flaw exists in FoundationAgents MetaGPT versions up to 0.8.1. The decode image function within the metagpt/utils/common.py file is susceptible to server-side request forgery...

CVE-2026-34781

A flaw was found in Electron. An application that calls clipboard.readImage may be vulnerable to a denial of service DoS. If the system clipboard contains image data that fails to decode, the application can crash. This vulnerability does not lead to memory corruption or code execution. Mitigatio...

MiracleLinux 4 : firefox-68.7.0-2.0.1.AXS4 (AXSA:2020-4717:09)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4717:09 advisory. Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method CVE-2020-6821 Mozilla: Memory safety bugs fixed in Firefox 7...

Denial-of-service (DoS)

pypdf is vulnerable to a Denial-of-service DoS. The vulnerability is due to improper handling of inline images using the DCTDecode filter during PDF content stream parsing, which allows an attacker to craft a malicious PDF that triggers an infinite loop and causes CPU exhaustion...

CVE-2025-46407

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the...

PT-2025-5655 · Opencv · Opencv

Name of the Vulnerable Software and Affected Versions: OpenCV affected versions not specified Description: The issue is related to a heap buffer overflow read in the PngDecoder of OpenCV. The crash occurs in the cv::PngDecoder::readHeader function, which is called by cv::imdecode and cv::imdecode...

OESA-2023-1985 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

PT-2023-8463 · Jasper +1 · Jasper +1

Name of the Vulnerable Software and Affected Versions: Jasper-Software Jasper versions 4.1.1 and earlier Description: The issue is related to an invalid memory write that allows a local attacker to execute arbitrary code. It involves a buffer overflow in memory when handling an ICC profile,...

SUSE CVE-2015-1227

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...

SUSE CVE-2018-14046

Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp...

skia/image_decode: Use-of-uninitialized-value in sse2::blit_row_s32a_opaque

Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5762139996815360 Project: skia Fuzzer: libFuzzerskiaimagedecode Fuzz target binary: imagedecode Job Type: libfuzzermsanskia Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

skia/animated_image_decode: Container-overflow in piex::GetFullCropDimension

Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5667932416770048 Project: skia Fuzzer: libFuzzerskiaanimatedimagedecode Fuzz target binary: animatedimagedecode Job Type: libfuzzerasanskia Platform Id: linux Crash Type: Container-overflow READ 4...

skia/image_decode: Heap-buffer-overflow in GetLE16

Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5727301313495040 Project: skia Fuzzer: aflskiaimagedecode Fuzz target binary: imagedecode Job Type: aflasanskia Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x6070000004...