232 matches found
EUVD-2017-11963
Malware in sbrugna...
EUVD-2025-5329
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-2818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large...
Linux Distros Unpatched Vulnerability : CVE-2017-2814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing...
Linux Distros Unpatched Vulnerability : CVE-2019-5060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2image 2.0.4. A specially crafted XPM image can cause an integer...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of markdown images with arbitrary URLs. An attacker can obtain the IP address, browser User-Agent, and potentially other request-specific information of users by embedding image URLs that are...
CVE-2023-32763
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered...
CVE-2025-32371
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that t...
CVE-2025-0235
Out-of-bounds vulnerability due to improper memory release during image rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver...
CVE-2025-0235
Out-of-bounds vulnerability due to improper memory release during image rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver...
CVE-2025-0235
CVE-2025-0235 is an out-of-bounds vulnerability caused by improper memory release during image rendering in Canon printer drivers: Generic PCL6 V4 Printer Driver, Generic UFR II V4 Printer Driver, and Generic LIPSLX V4 Printer Driver. The connected sources corroborate the same root cause across t...
CVE-2025-0235
Out-of-bounds vulnerability due to improper memory release during image rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver...
PT-2025-4863 · Unknown · Exif Viewer Classic
Name of the Vulnerable Software and Affected Versions: EXIF Viewer Classic versions 2.3.2 through 2.4.0 Description: The issue is caused by improper handling of EXIF meta data, leading to a cross-site scripting vulnerability. When an image is rendered and crafted EXIF meta data is processed, an...
[SECURITY] Fedora 40 Update: djvulibre-3.5.28-9.fc40
DjVu is a web-centric format and software platform for distributing documents and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution picture s. DjVu content downloads faster, displays and renders faster,...
CVE-2024-25697
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser. The privileges required to execute...
CVE-2024-25696
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to execute this attack...
CVE-2024-25696 Stored XSS in Portal for ArcGIS
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to execute this attack...
CVE-2024-25697
Summary: CVE-2024-25697 is a stored cross-site scripting issue in Portal for ArcGIS (versions 11.1 and below) where a crafted link, triggered by an authenticated user viewing a bio page, can cause an image to render in the victim’s browser. The attack requires low privileges and authenticated acc...
PT-2024-21094 · Esri · Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Portal for ArcGIS versions =11.0 Description: The issue is related to a Cross-site Scripting vulnerability that may allow a remote, authenticated attacker to create a crafted link. When the victim accesses the page editor, an image will rende...
CVE-2023-48240
XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other...