2244 matches found
Adobe Photoshop Desktops Heap Buffer Overflow Vulnerability
Adobe Photoshop is a set of image processing software from the American company Adobe. The software is mainly used for processing pictures. A heap buffer overflow vulnerability exists in Adobe Photoshop Desktops. The vulnerability is due to a failure to perform strict checksums on memory...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing large EXIF data structures. An attacker can cause denial of service by sending malicious images. Remediation: Upgrade github.com/bep/imagemeta to version 0.10.0 or...
CVE-2025-29769
libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't...
CVE-2025-29769 libvips has a potential heap-based buffer overflow when attempting to convert multiband TIFF input to HEIF output
libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't...
CVE-2025-29769
CVE-2025-29769 affects libvips, where the heifsave path could mis-handle a multiband TIFF input (4 channels) and output HEIF with 3 channels, then attempt to write 4 channels, causing a heap-based buffer overflow and possible crash. Root cause: incorrect alpha-channel determination when colour in...
CVE-2025-29769
libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't...
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues: CVE-2025-27795: Fixed missing image dimension resource limits in JXL bsc1239044 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can...
image-size Denial of Service via Infinite Loop during Image Processing
Summary: image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images. The issue occurs because of an infinite loop in findBox when processing certain images with a box with size 0. Details: If the first bytes of the input do not match any bytes in...
GHSA-M5QC-5HW7-8VG7 image-size Denial of Service via Infinite Loop during Image Processing
Summary: image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images. The issue occurs because of an infinite loop in findBox when processing certain images with a box with size 0. Details: If the first bytes of the input do not match any bytes in...
PT-2025-14538 · Npm · Image-Size
Summary: image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images. The issue occurs because of an infinite loop in findBox when processing certain images with a box with size 0. Details: If the first bytes of the input do not match any bytes in...
PHPGurukul eLearning System Code Issue Vulnerability
PHPGurukul eLearning System is an eLearning system from PHPGurukul Inc. A code issue vulnerability exists in version 1.0 of the PHPGurukul eLearning System, which stems from an image processing component in the file /user/index.php that could lead to unlimited uploads...
Aim Resource Management Error Vulnerability
Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. Aim version 3.25.0 suffers from a resource management error vulnerability that stems from the tracking server's susceptibility to denial-of-service attacks, which may cause the server to be...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data-url. PoC (js): import jsPDF from "jpsdf" const doc = new jsPDF; const payload =...
Vulnerability at src/include/OpenImageIO/fmath.h:983 in the OpenImageIO image processing library, allowing an attacker to execute arbitrary code.
A vulnerability exists at src/include/OpenImageIO/fmath.h:983. The OpenImageIO image processing library contains a buffer overflow vulnerability. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2025-25301
Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg...
Linux Distros Unpatched Vulnerability : CVE-2017-11449
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial...
Linux Distros Unpatched Vulnerability : CVE-2017-9117
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header matc...
CVE-2025-25301
Summary: Rembg (Python) versions up to and including 2.0.57 are affected by an SSRF vulnerability in the /api/remove endpoint. The endpoint accepts a URL query parameter to fetch, process, and return an image, which can enable an attacker to request internal-network resources hosted by the rembg ...
CVE-2025-25301 Rembg allows SSRF via /api/remove
Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg...
Astra Linux - vulnerability in imagemagick
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service...