Lucene search
K

99 matches found

UbuntuCve
UbuntuCve
added 2026/03/31 2:16 p.m.7 views

CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

7.8CVSS6AI score0.00213EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 1:13 p.m.9 views

CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

6.1AI score0.00213EPSS
Exploits0References4
OSV
OSV
added 2026/03/31 1:13 p.m.2 views

CVE-2026-3308 CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

7.8CVSS7.5AI score0.00213EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.3 views

PT-2026-29249

Name of the Vulnerable Software and Affected Versions MuPDF version 1.27.0 Description An integer overflow exists in the 'pdf-image.c' file within MuPDF version 1.27.0. A specially crafted PDF document can trigger an integer overflow within the pdf load image imp function. This can lead to a heap...

7.8CVSS6.2AI score0.00213EPSS
Exploits0References14
Snyk
Snyk
added 2026/02/24 3:37 p.m.4 views

Division by zero

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

7.5CVSS6AI score0.00385EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/27 3:23 p.m.7 views

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

7.8CVSS5.9AI score0.00244EPSS
Exploits1References1
OSV
OSV
added 2026/01/23 12:15 a.m.4 views

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

7.8CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 11:58 p.m.35 views

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

0.00244EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 11:58 p.m.3 views

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

7.8CVSS5.4AI score0.00244EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/01/22 10:30 p.m.10 views

Container and Containerization archive extraction does not guard against escapes from extraction base directory.

Summary The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system...

7.8CVSS5.5AI score0.00244EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2026/01/22 2:36 p.m.2 views

SUSE-SU-2026:20128-1 Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues: - CVE-2025-7345: heap buffer overflow in gdk-pixbuf within the gdkpixbufjpegimageloadincrement function io-jpeg.c and in glib gbase64encodestep bsc1246114. - CVE-2025-6199: uninitialized memory could lead to leak arbitrary memory contents...

7.5CVSS6.6AI score0.01051EPSS
Exploits0References5
CVE
CVE
added 2026/01/22 12:32 a.m.37 views

CVE-2026-23952

CVE-2026-23952 affects ImageMagick: a NULL pointer dereference in the MSL parser when processing tags before any image loads. Versions 14.10.1 and earlier are vulnerable; the issue can cause a DoS (assertion failure on debug builds or NULL dereference on release builds). A fix exists in version ...

7.5CVSS5.6AI score0.0043EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/01/22 12:32 a.m.7 views

EUVD-2026-3699

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attack due to...

6.5CVSS5.5AI score0.0043EPSS
Exploits1References3
OSV
OSV
added 2026/01/22 12:32 a.m.6 views

CVE-2026-23952 ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attack due to...

6.5CVSS5.7AI score0.0043EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2026/01/22 12:32 a.m.3 views

CVE-2026-23952

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attack due to...

7.5CVSS5.7AI score0.0043EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/22 12:0 a.m.8 views

Container and Containerization archive extraction does not guard against escapes from extraction base directory.

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

7.8CVSS5.4AI score0.00244EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/22 12:0 a.m.7 views

Container and Containerization archive extraction does not guard against escapes from extraction base directory.

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

7.8CVSS5.4AI score0.00244EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 1:6 a.m.10 views

ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load

Summary NULL pointer dereference in MSL Magick Scripting Language parser when processing tag before any image is loaded. Version - ImageMagick 7.x tested on current main branch - Commit: HEAD Steps to Reproduce Method 1: Using ImageMagick directly bash magick MSL:poc.msl out.png Method 2: Using...

7.5CVSS5.5AI score0.0043EPSS
Exploits1References3Affected Software19
Snyk
Snyk
added 2026/01/21 1:6 a.m.7 views

NULL Pointer Dereference

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

7.5CVSS5.7AI score0.0043EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/21 1:6 a.m.5 views

NULL Pointer Dereference

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.7AI score0.0043EPSS
Exploits1References2
Rows per page
Query Builder