Lucene search
K

126 matches found

EUVD
EUVD
added 6 days ago10 views

EUVD-2026-39772

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 JP2 file...

6.5CVSS6.2AI score0.00465EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/24 1:41 a.m.9 views

CVE-2025-71319

A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The findBox function, responsible for image validation, enters an infinite loop when processing...

8.7CVSS5.8AI score0.00625EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51382

Name of the Vulnerable Software and Affected Versions FastStone Image Viewer versions prior to 8.3.0.1 Description Heap-based buffer overflow flaws exist in the JP2 and PSD file parsers within the FSViewer.exe process. A malformed QCD quantization default marker 0xFF5C in a crafted JPEG 2000 JP2...

6.5CVSS6.5AI score0.00465EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/06/18 8:31 p.m.7 views

CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

8.3CVSS5.9AI score0.00263EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.7 views

CVE-2026-46559

A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. An incorrect check during JPEG 2000 JP2 image processing, when certain options are specified, can lead to a heap buffer overwrite of a single byte. This vulnerability could allow a...

6.2CVSS5.2AI score0.00116EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/15 2:9 a.m.6 views

gimp: GIMP: Remote Code Execution via malicious JP2 file parsing

A flaw was found in GIMP. A remote attacker could exploit this by tricking a user into opening a specially crafted JP2 JPEG 2000 file. This flaw is due to a heap-based buffer overflow during JP2 file parsing, which allows for arbitrary code execution. Successful exploitation enables the attacker ...

7.8CVSS6.3AI score0.00744EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/15 2:6 a.m.7 views

gimp: GIMP: Remote Code Execution via malicious JP2 file parsing

A flaw was found in GIMP. A remote attacker could exploit this by tricking a user into opening a specially crafted JP2 JPEG 2000 file. This flaw is due to a heap-based buffer overflow during JP2 file parsing, which allows for arbitrary code execution. Successful exploitation enables the attacker ...

7.8CVSS8AI score0.00744EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.7 views

SUSE CVE-2026-46559

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...

4CVSS5.4AI score0.00116EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 7:57 p.m.68 views

CVE-2025-71319

CVE-2025-71319 affects image-size versions 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2. The vulnerability resides in the findBox function, triggered when processing crafted images with zero-sized boxes (JXL, HEIF, or JP2), causing an infinite loop and denial of service. The issue could lead to appl...

8.7CVSS5.8AI score0.00625EPSS
Exploits1References7Affected Software1
Snyk
Snyk
added 2026/05/18 8:37 p.m.8 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

6.2CVSS5.9AI score0.00116EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:37 p.m.12 views

Out-of-bounds Write

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.2CVSS5.9AI score0.00116EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:37 p.m.8 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.2CVSS5.9AI score0.00116EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/12 11:49 p.m.11 views

gimp: GIMP: Remote Code Execution via malicious JP2 file parsing

A flaw was found in GIMP. A remote attacker could exploit this by tricking a user into opening a specially crafted JP2 JPEG 2000 file. This flaw is due to a heap-based buffer overflow during JP2 file parsing, which allows for arbitrary code execution. Successful exploitation enables the attacker ...

7.8CVSS7.7AI score0.00744EPSS
Exploits0References6
OSV
OSV
added 2026/04/25 8:37 a.m.6 views

CLSA-2026-1776849467 jasper: Fix of 3 CVEs

CVE-2021-26926: prevent out-of-bounds read in jp2decode by hard-erroring on inconsistent IHDR/BPCC component metadata - CVE-2021-26927: prevent out-of-bounds read in jp2decode by hard-erroring on inconsistent IHDR/BPCC component metadata - CVE-2021-3272: prevent heap-based buffer over-read in...

7.1CVSS5.9AI score0.01197EPSS
Exploits3References1
SUSE Linux
SUSE Linux
added 2026/04/24 11:44 a.m.4 views

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. CVE-2026-33900: Denial of Service via integer truncation in viff encoder bsc1262156. CVE-2026-33901: Denial of Service due to heap buffer overflow in MVG...

8.7CVSS5.7AI score0.00566EPSS
Exploits0References44
EUVD
EUVD
added 2026/04/21 1:27 a.m.3 views

EUVD-2026-24041

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K High-Throughput JPEG 2000 decompression path. The htundoimp...

5.3CVSS5.8AI score0.00302EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/04/21 1:27 a.m.4 views

CVE-2026-39886

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K High-Throughput JPEG 2000 decompression path. The htundoimp...

5.3CVSS5.8AI score0.00302EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.26 views

ImageMagick < 6.9.13-44 / 7.x < 7.1.2-19 Multiple Vulnerabilities

The remote host has a version of ImageMagick installed that is prior to 6.9.13-44 and 7.x prior to 7.1.2-19. It is, therefore, affected by multiple vulnerabilities: - A heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image...

7.5CVSS6.1AI score0.00566EPSS
Exploits0References14
Snyk
Snyk
added 2026/04/14 6:51 p.m.8 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

6.8CVSS5.8AI score0.00189EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/14 6:51 p.m.9 views

Out-of-bounds Write

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS5.8AI score0.00189EPSS
Exploits0References3
Rows per page
Query Builder