Lucene search
K

677 matches found

OSV
OSV
added 2026/02/25 7:24 p.m.7 views

GHSA-R99P-5442-Q2X2 ImageMagick has a heap Buffer Over-read in its DJVU image format handler

A heap Buffer Over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride row size for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads...

4CVSS5.8AI score0.00123EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/25 7:24 p.m.6 views

Buffer Over-read

Overview Affected versions of this package are vulnerable to Buffer Over-read via the DJVU image format handler. An attacker can cause out-of-bounds memory reads and potentially impact the integrity or availability of the application by supplying a specially crafted DJVU file that triggers intege...

4.4CVSS6AI score0.00123EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.8 views

SUSE SLES15 Security Update : libpng16 (SUSE-SU-2026:0596-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0596-1 advisory. - CVE-2025-28162: memory leaks when running pngimage bsc1257364. - CVE-2025-28164: memory leaks when running pngimage bsc1257365. -...

8.3CVSS6AI score0.00955EPSS
Exploits4References16
SUSE Linux
SUSE Linux
added 2026/02/23 3:57 p.m.7 views

Security update for libpng16

This update for libpng16 fixes the following issues: CVE-2025-28162: memory leaks when running pngimage bsc1257364. CVE-2025-28164: memory leaks when running pngimage bsc1257365. CVE-2026-22695: heap buffer over-read in pngimagefinishread bsc1256525. CVE-2026-22801: integer truncation causing hea...

8.3CVSS5.7AI score0.00955EPSS
Exploits4References20
OSV
OSV
added 2026/02/23 3:57 p.m.8 views

SUSE-SU-2026:0596-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running pngimage bsc1257364. - CVE-2025-28164: memory leaks when running pngimage bsc1257365. - CVE-2026-22695: heap buffer over-read in pngimagefinishread bsc1256525. - CVE-2026-22801: integer truncation...

8.3CVSS5.8AI score0.00955EPSS
Exploits4References11
Amazon
Amazon
added 2026/02/19 12:0 a.m.17 views

Medium: thunderbird

Issue Overview: HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construc...

7.8CVSS6AI score0.00377EPSS
Exploits6
Amazon
Amazon
added 2026/02/19 12:0 a.m.11 views

Medium: firefox

Issue Overview: HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construc...

7.8CVSS6AI score0.00377EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.11 views

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3171 (ALAS-2026-3171)

The version of thunderbird installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3171 advisory. HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the...

7.8CVSS6.6AI score0.00377EPSS
Exploits6References10
Amazon
Amazon
added 2026/02/05 12:0 a.m.10 views

Medium: libpng

Issue Overview: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function pngimagefinishread when processing interlaced...

7.8CVSS5.7AI score0.00229EPSS
Exploits5
OSV
OSV
added 2026/01/22 2:31 p.m.5 views

SUSE-SU-2026:20155-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2026-22695: Fixed heap buffer over-read in pngimagefinishread bsc1256525. - CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in pngimagewrite bsc1256526...

7.8CVSS6AI score0.00172EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2026/01/19 12:0 a.m.10 views

Mageia: Security Advisory (MGASA-2026-0010)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.1AI score0.00172EPSS
Exploits1References4
OSV
OSV
added 2026/01/17 2:48 a.m.11 views

MGASA-2026-0010 Updated libpng packages fix security vulnerabilities

LIBPNG has a heap buffer over-read in pngimagereaddirectscaled regression from CVE-2025-65018 fix. CVE-2026-22695 LIBPNG has an integer truncation causing heap buffer over-read in pngimagewrite. CVE-2026-22801...

7.8CVSS7.2AI score0.00172EPSS
Exploits1References3
Mageia
Mageia
added 2026/01/17 2:48 a.m.14 views

Updated libpng packages fix security vulnerabilities

LIBPNG has a heap buffer over-read in pngimagereaddirectscaled regression from CVE-2025-65018 fix. CVE-2026-22695 LIBPNG has an integer truncation causing heap buffer over-read in pngimagewrite. CVE-2026-22801...

7.8CVSS7.3AI score0.00172EPSS
Exploits1References2
Slackware Linux
Slackware Linux
added 2026/01/14 10:30 p.m.9 views

[slackware-security] libpng

New libpng packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libpng-1.6.54-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Heap buffer over-read in the libpng simplified API...

7.8CVSS7.2AI score0.00172EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2026/01/14 9:3 a.m.8 views

LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*

...

7.8CVSS5.4AI score0.00114EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 9 : sqlite-3.34.1-8.el9_6 (AXSA:2025-10658:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10658:01 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

7.7CVSS7AI score0.73495EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 8 : nodejs:22 (AXSA:2025-10653:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10653:01 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

7.7CVSS7.1AI score0.73495EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 8 : mingw-sqlite-3.26.0.0-2.el8_10 (AXSA:2025-10765:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10765:01 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

7.7CVSS7AI score0.73495EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 9 : sqlite-3.34.1-9.el9_7 (AXSA:2025-11450:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11450:04 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

7.7CVSS7AI score0.73495EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 9 : nodejs:22 (AXSA:2025-10673:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10673:01 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

7.7CVSS7.1AI score0.73495EPSS
Exploits3References2
Rows per page
Query Builder