1067 matches found
Astra Linux – Vulnerability in dcmtk
DCMTK through version 3.6.6 does not handle memory deallocation properly. The object in the program is freed, but its address is still used in other locations. Sending specific requests to the dcmqrdb program will lead to a double-free. An attacker can use this vulnerability to launch a DoS attac...
Astra Linux – Vulnerability in dcmtk
It was discovered that DCMTK v3.6.7 contains a memory leak through the TASCAssociation object...
HP Linux Imaging and Printing Software 命令注入漏洞
HP Linux Imaging and Printing Software is a software package developed by American company HP, designed for the installation, use, and management of HP printers and scanners. HP Linux Imaging and Printing Software has a command injection vulnerability, which stems from operating system command...
PT-2026-42267
Name of the Vulnerable Software and Affected Versions HP Linux Imaging and Printing Software affected versions not specified Description An OS command injection flaw exists in the HP Linux Imaging and Printing Software. This issue may allow an attacker to achieve escalation of privileges and/or...
HP Linux Imaging and Printing Software 安全漏洞
HP Linux Imaging and Printing Software is a software package developed by American company HP, designed for the installation, use, and management of HP printers and scanners. There is a security vulnerability in HP Linux Imaging and Printing Software, which stems from integer overflows during the...
PT-2026-42266
Name of the Vulnerable Software and Affected Versions HP Linux Imaging and Printing Software versions prior to 3.26.4 Description An integer overflow exists in the hpcups processing path when handling crafted print data. This flaw may allow an unauthenticated attacker to bypass memory limits,...
PT-2026-40312
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Versions of Apple iOS prior to 26.5 and iPadOS prior to 26.5 contained security vulnerabilities. These...
CVE-2026-42308
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...
UBUNTU-CVE-2026-42311
Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...
CVE-2026-42310
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...
CVE-2026-42309
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...
Unity Linux 20.1070e Security Update: ImageMagick (UTSA-2026-017382)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017382 advisory. A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo function of dcm.c file. This vulnerability is triggered when an attacker passes a specially...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017334)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017334 advisory. PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be...
EUVD-2018-21818
Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...
[SECURITY] Fedora 44 Update: python-pillow-12.2.0-1.fc44
Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...
Medical data of 500,000 UK volunteers listed for sale on Alibaba
Half a million Britons signed up to help cure cancer. Their data ended up for sale on Alibaba. The UK Biobank charity informed the British government of an incident concerning the medical data belonging to 500,000 British citizens being offered for sale on the Chinese e-commerce website Alibaba...
PT-2026-46979
Name of the Vulnerable Software and Affected Versions 7-Zip versions 9.34 through 26.00 Description An off-by-one heap out-of-bounds read exists in the WIM Windows Imaging archive handler's security descriptor lookup. In the GetSecurity function within CHandler::GetSecurity...
CVE-2026-40192
Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...
UBUNTU-CVE-2026-40192
Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...