Lucene search
K

95 matches found

Cvelist
Cvelist
added yesterday12 views

CVE-2026-55380 Pillow GdImageFile decompression bomb protection bypass

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-53016

Summary An arbitrary file write exists in the Incus client when a malicious image server returns a crafted Incus-Image-Hash header. This can lead to arbitrary command execution as root on the server. Details - cmd/incusd/images.go:611-684 handles source.type=url by HEADing the user-supplied URL,...

9.9CVSS6.2AI score
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53206

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory...

5.5CVSS0.00112EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52302

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the accel/ivpu component where the firmware runtime memory specified in the image header is not properly validated. The lack of bounds checks for alignment and size ca...

5.5CVSS6AI score0.00112EPSS
Exploits0References10
NVD
NVD
added 2026/05/22 11:16 a.m.11 views

CVE-2026-5755

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

6.5CVSS0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 10:18 a.m.13 views

EUVD-2026-31427

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:31 a.m.3 views

CVE-2026-41309

Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 \times 10000$ pixels. While the compressed file size...

8.2CVSS5.7AI score0.00369EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/06 3:19 p.m.5 views

CVE-2026-34378

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

6.5CVSS6AI score0.00262EPSS
Exploits1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

stb 资源管理错误漏洞

STB is a public domain library for C/C++ developed by Sean Barrett. Versions of STB prior to 2.30 contained a resource management vulnerability, which stemmed from incorrect operations on the stbiloadgifmain function in the stbimage.h file. This vulnerability could lead to double deallocation of...

5.3CVSS6AI score0.00113EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/21 5:36 a.m.6 views

CVE-2026-27211

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

9.1CVSS5.6AI score0.005EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2026/02/20 11:15 p.m.5 views

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

8.8CVSS6.1AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/18 12:0 a.m.7 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS5.5AI score0.00341EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/12/10 10:16 p.m.3 views

UBUNTU-CVE-2025-66628

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM PSX TIM image parser contains a critical integer overflow vulnerability in its ReadTIMImage function coders/tim.c. The code reads width and height 16-bit values from the file...

7.5CVSS6AI score0.00439EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.14 views

PT-2025-41514

Name of the Vulnerable Software and Affected Versions libpadm.so versions prior to SMR Oct-2025 Release 1 Description An out-of-bounds write exists in the parsing header for JPEG decoding. This issue can lead to memory corruption for local attackers. The vulnerable component is libpadm.so...

4CVSS6.6AI score0.00118EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-2715

Malware in sbrugna...

7.8CVSS7.7AI score0.00169EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-1720

Malware in sbrugna...

9.8CVSS9.3AI score0.02184EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-19432

Malware in sbrugna...

6.1CVSS6.3AI score0.00675EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2016-3850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 2013 devices allows attackers to gain...

7.3CVSS7.6AI score0.00203EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-16981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - stb stbimage.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbioutgifcode function. CVE-2018-16981 Note tha...

8.8CVSS6.7AI score0.01592EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-29977

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an assertion failure error in stbijpeghuffdecode, stbimage.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to...

6.5CVSS6.6AI score0.00991EPSS
Exploits1References3
Rows per page
Query Builder