528 matches found

CVE
added 5 days ago, 11 views

CVE-2026-46604

The CVE-2026-46604 entry concerns a panic in the Go TIFF decoder (golang.org/x/image/tiff) when decoding a malformed image containing an out-of-bounds strip offset. Affected component: TIFF decoding path in golang.org/x/image/tiff. Root cause: decoding invalid TIFF data triggers a panic d...

CVSS 7.5 | AI score 5.8 | EPSS 0.00346
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 5 days ago, 2 views

SUSE-SU-2026:2666-1 Security update for giflib

This update for giflib fixes the following issue: CVE-2026-26740: heap out-of-bounds read when processing a specially crafted GIF file containing a GCE block with a truncated extension byte count (bsc#1259836)...

CVSS 8.2 | AI score 5.8 | EPSS 0.00467
Exploits: 1 | References: 3

OSV
added 2026/06/24 1:11 p.m., 6 views

OESA-2026-2707 giflib security update

giflib is a library of gif images and provides utilities for processing images. Security Fixes: Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validati...

CVSS 8.2 | AI score 5.9 | EPSS 0.00467
Exploits: 1 | References: 2

Tenable Nessus
added 2026/06/24 12:0 a.m., 11 views

AlmaLinux 10 : firefox (ALSA-2026:27733)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:27733 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...

CVSS 9.6 | AI score 5.8 | EPSS 0.00476
Exploits: 0 | References: 31

RedHat Linux
added 2026/06/22 4:5 a.m., 9 views

firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service in the Graphics: ImageLib component...

CVSS 6.5 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 6

OSV
added 2026/06/22 12:0 a.m., 8 views

ALSA-2026:27733 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process...

CVSS 9.6 | AI score 5.8 | EPSS 0.00476
Exploits: 0 | References: 60

Tenable Nessus
added 2026/06/22 12:0 a.m., 5 views

RHEL 8 : firefox (RHSA-2026:27717)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:27717 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

CVSS 9.6 | AI score 5.9 | EPSS 0.00476
Exploits: 0 | References: 60

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in TIF format

A vulnerability was discovered in libtiff due to multiple potential integer overflows in the raw2tiff.c file. This flaw allows remote attackers to cause a denial of service or potentially execute arbitrary code through a crafted TIF image, triggering a heap-based buffer overflow...

CVSS 6.5 | AI score 8 | EPSS 0.01037
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in exiv2

Exiv2 0.27.2 allows attackers to cause a crash in the Exiv2::getULong function in types.cpp, when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimageint.cpp. This occurs because there is no validation of the relationship between the total size and the offset and size...

CVSS 6.5 | AI score 6.8 | EPSS 0.01851
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in libstb

stb_image is a single-file library licensed under MIT that processes images. It might seem like stbi__load_gif_main does not provide any guarantees regarding the content of the output value *delays in case of failure. Although it sets *delays to zero at the beginning, it does not do so if the image is n...

CVSS 9.8 | AI score 8.2 | EPSS 0.00959
Exploits: 0 | References: 2

SUSE CVE
added 2026/06/19 1:57 a.m., 8 views

SUSE CVE-2026-12325

Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

CVSS 6.5 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 7

OSV
added 2026/06/18 10:46 p.m., 5 views

GO-2026-5061 Panic on VP8 alpha channel size mismatch in x/image/webp in golang.org/x/image

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

CVSS 7.5 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 2

OSV
added 2026/06/17 2:4 p.m., 4 views

GHSA-HGG8-FQQC-VFMW vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via the Anthropic API router Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Severity: CVSS 3.1 5.3 Medium AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Target: https://github.com/vllm-project/vllm ---...

CVSS 5.3 | AI score 5.7 | EPSS 0.00796
Exploits: 1 | References: 4

CVE
added 2026/06/16 11:52 a.m., 15 views

CVE-2026-12325

CVE-2026-12325 is a denial-of-service vulnerability in the Graphics: ImageLib component. Affected products include Mozilla Firefox and Thunderbird; root cause and impact are described as DoS in ImageLib. The vulnerability is fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbir...

CVSS 6.5 | AI score 5.2 | EPSS 0.00227
Exploits: 0 | References: 6 | Affected Software: 2

Cvelist
added 2026/06/16 11:52 a.m., 27 views

CVE-2026-12325 Denial-of-service in the Graphics: ImageLib component

Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

EPSS 0.00227
Exploits: 0 | References: 6

EUVD
added 2026/06/04 11:0 a.m., 11 views

EUVD-2026-34242

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

CVSS 3.6 | AI score 4.9 | EPSS 0.00075
Exploits: 0 | References: 8

Snyk
added 2026/05/29 9:14 p.m., 9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...

CVSS 8.7 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/29 7:35 p.m., 9 views

CVE-2026-46599 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode large amounts of compressed data...

AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 4

Fedora
added 2026/05/29 1:13 a.m., 13 views

[SECURITY] Fedora 44 Update: libpng-1.6.58-1.fc44

The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

CVSS 5.1 | AI score 5.8 | EPSS 0.00195
Exploits: 1

Snyk
added 2026/05/22 1:11 p.m., 15 views

Unsynchronized Access to Shared Data in a Multithreaded Context

Overview: Magick.NET-Q8-AnyCPU is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 5.6 | AI score 5.8 | EPSS 0.00077
Exploits: 0 | References: 3