CVE-2026-24823 A heap-based buffer over-read or buffer overflow vulnerability in FASTSHIFT/X-TRACK

Out-of-bounds Write, Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in FASTSHIFT X-TRACK Software/X-Track/USER/App/Utils/lvimgpng/PNGdec/src modules. This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7...

[SECURITY] [DLA 4448-1] imagemagick security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4448-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 24, 2026 https://wiki.debian.org/LTS -...

OESA-2026-1245 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1242 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

PT-2025-47807

Name of the Vulnerable Software and Affected Versions ESF-IDF versions 5.3.4 through 5.5.1 Description ESF-IDF, the Espressif Internet of Things IOT Development Framework, contains a flaw in its hardware JPEG decoder when used with the ESP32-P4. The software parser does not perform adequate...

Espressif IoT Development Framework 数字错误漏洞

Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A numeric error vulnerability exists in the Espressif IoT Development Framework versions 5.5.1, 5.4.3, and 5.3.4, which stems from a lack of validation of the JPEG decoder and could lead to...

EUVD-2010-0690

Malware in sbrugna...

NewStart CGSL MAIN 6.06 : qt5-qtbase Multiple Vulnerabilities (NS-SA-2025-0237)

The remote NewStart CGSL host, running version MAIN 6.06, has qt5-qtbase packages installed that are affected by multiple vulnerabilities: - Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service application crash via a xml file with...

Linux Distros Unpatched Vulnerability : CVE-2022-24106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Xpdf prior to 4.04, the DCT JPEG decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unkno...

CVE-2025-43967

libheif before 1.19.6 has a NULL pointer dereference in ImageItemGrid::getdecoder in image-items/grid.cc because a grid image can reference a nonexistent image item...

PT-2025-5665 · Git +1 · Opencv

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash has been reported with an UNKNOWN READ crash type. The crash state involves several functions, including cv::PngDecoder::compose frame,...

Huawei HarmonyOS Image Decoder Module Read/Write Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the Huawei HarmonyOS image decoding module, which can be exploited by attackers to affect availability...

The vulnerability of the svg_probe function in the libavformat/img2dec.c file of the FFmpeg multimedia library, related to the execution of a loop with an unreachable exit condition, allows a hacker to cause a service failure.

The vulnerability of the svgprobe function in the libavformat/img2dec.c file of the FFmpeg multimedia library relates to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause a service failure by using a specially created...

ImageSharp Denial of Service Vulnerability

ImageSharp is a new, full-featured, fully managed, cross-platform 2D graphics API from ImageSharp. ImageSharp suffers from a denial of service vulnerability that stems from the fact that processing specially crafted files may cause the image decoder to use too much memory, which can be exploited ...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value due to the processing of specially crafted files that can lead to excessive memory usage in image decoders. This flaw can be exploited to deplete process memory, causing a denial of service an...

USN-6377-1: LibRaw vulnerability

It was discovered that LibRaw incorrectly handled certain photo files. If a user o automated system were tricked into processing a specially crafted photo file, a remote attacker could possibly cause applications linked against LibRaw to crash, resulting in a denial of service...

PT-2023-35902 · Git +1 · Serenity

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue is identified, potentially causing a crash. The crash occurs in the Gfx::InputStreamer::read u24 function, which is...

USN-6137-1: LibRaw vulnerabilities

It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code...

SUSE CVE-2004-0782

Integer overflow in pixbufcreatefromxpm io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain ncol and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+...

SUSE CVE-2004-0788

Integer overflow in the ICO image decoder for 1 gdk-pixbuf before 0.22 and 2 gtk2 before 2.2.4 allows remote attackers to cause a denial of service application crash via a crafted ICO file...