Lucene search

390 matches found

Cvelist
added 2025/11/24 11:38 p.m. | 9 views

CVE-2025-64505 LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's `png_do_quantize` function when processing PNG files with malformed palette...

CVSS 6.1 | EPSS 0.00181
Exploits: 2 | References: 3
Fedora
added 2025/11/17 2:59 a.m. | 7 views

[SECURITY] Fedora 42 Update: xmedcon-0.25.3-1.fc42

This project stands for Medical Image Conversion and is released under the GNU's LGPL license. It bundles the C source code, a library, a flexible command-line utility and a graphical front-end based on the amazing Gtk+ toolkit. Its main purpose is image conversion while preserving valuable medic...

CVSS 7.5 | AI score 4.8 | EPSS 0.00524
Exploits: 0
Snyk
added 2025/10/20 2:42 p.m. | 1 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the lws_upng_emit_next_line function when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used. An attacker can cause a crash or read past a heap-allocated buffer by enticing a user to...

CVSS 5.9 | AI score 5.7 | EPSS 0.00356
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/20 2:4 p.m. | 1 views

CVE-2025-11680 Out-of-bounds Write in libwebsockets PNG parsing

Out-of-bounds Write in unfilterscanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

CVSS 5.9 | AI score 6.8 | EPSS 0.00356
Exploits: 0 | References: 2
CVE
added 2025/10/20 1:58 p.m. | 14 views

CVE-2025-11679

CVE-2025-11679 affects warmcat libwebsockets where an out-of-bounds read in lws_upng_emit_next_line can occur if LWS_WITH_UPNG is enabled and the HTML display stack is used, potentially crashing a heap-allocated buffer when a crafted PNG with large height is viewed. Public sources (Fedora, Debian...

CVSS 5.9 | AI score 6.5 | EPSS 0.00356
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2005-2345

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.02453
Exploits: 0 | References: 7
Positive Technologies
added 2025/08/26 12:0 a.m. | 1 views

PT-2025-34787 · Jspdf · Jspdf

Name of the Vulnerable Software and Affected Versions: jsPDF versions prior to 3.0.2. Description: jsPDF is a JavaScript library used to generate PDFs. Prior to version 3.0.2, user control over the first argument of the addImage method can lead to high CPU utilization and denial of service...

CVSS 8.7 | AI score 7.1 | EPSS 0.00658
Exploits: 1 | References: 12
Debian CVE
added 2025/08/13 2:0 p.m. | 3 views

CVE-2025-55154

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage in coders/png.c are unsafe and can overflow, leading to memory corruption. This issue has been patched in...

CVSS 8.8 | AI score 8 | EPSS 0.00933
Exploits: 1
Microsoft CVE
added 2025/04/16 7:0 a.m. | 4 views

The png_convert_to_rfc1123 function in png.c allows remote attackers to obtain sensitive process memory information

...

CVSS 5 | AI score 7.5 | EPSS 0.06534
Exploits: 1
OSV
added 2025/04/11 12:15 a.m. | 1 views

UBUNTU-CVE-2025-32807

A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png and .svg or .xpm for some configurations via the icon parameter of a GET request to geticon.php...

CVSS 5.3 | AI score 6 | EPSS 0.00518
Exploits: 0 | References: 5
Positive Technologies
added 2025/01/01 12:0 a.m. | 2 views

PT-2026-4934

Name of the Vulnerable Software and Affected Versions: libpng versions 1.6.43 through 1.6.46. Description: A buffer overflow condition exists in libpng versions 1.6.43 through 1.6.46. This issue allows a local attacker to potentially cause a denial of service. The png_create_read_struct function is...

CVSS 8.3 | AI score 5.9 | EPSS 0.00905
Exploits: 4 | References: 52
OSV
added 2024/11/22 9:15 p.m. | 3 views

CVE-2024-9750

Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in tha...

CVSS 7.8 | AI score 7.5 | EPSS 0.00283
Exploits: 0 | References: 1
CNNVD
added 2024/11/22 12:0 a.m. | 1 views

Tungsten Automation Power PDF Buffer Error Vulnerability

Tungsten Automation Power PDF (Kofax Power PDF) is a powerful PDF processing software from Tungsten Automation. Tungsten Automation Power PDF suffers from a buffer error vulnerability that stems from the parsing of PNG files containing an out-of-bounds read issue. An attacker exploiting this...

CVSS 3.3 | AI score 4.4 | EPSS 0.0025
Exploits: 0 | References: 1
CNNVD
added 2024/11/22 12:0 a.m. | 4 views

Tungsten Automation Power PDF Buffer Error Vulnerability

Tungsten Automation Power PDF (Kofax Power PDF) is a powerful PDF processing software from Tungsten Automation. Tungsten Automation Power PDF suffers from a buffer error vulnerability that stems from the parsing of PNG files containing an out-of-bounds read issue. An attacker could cause remote cod...

CVSS 7.8 | AI score 8.1 | EPSS 0.00283
Exploits: 0 | References: 1
CNNVD
added 2024/07/30 12:0 a.m. | 2 views

HiColor Security Vulnerability

HiColor is a program by the individual developer D. Bohdan. It is used to convert images to 15-bit and 16-bit RGB colors. A security vulnerability exists in HiColor version 0.5.0, which stems from a stack buffer overflow vulnerability in the cpdynamic function, allowing an attacker to trigger a...

CVSS 5.5 | AI score 6.9 | EPSS 0.00373
Exploits: 1 | References: 2
Microsoft CVE
added 2024/07/23 7:0 a.m. | 2 views

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.

...

CVSS 7.8 | AI score 7 | EPSS 0.02025
Exploits: 1
ATTACKERKB
added 2024/05/03 2:15 a.m. | 1 views

CVE-2023-37342

Kofax Power PDF PNG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must...

CVSS 7.8 | AI score 7.6 | EPSS 0.00271
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2024/05/03 12:0 a.m. | 3 views

PDF-XChange Editor Security Vulnerability

PDF-XChange Editor is a PDF file viewing software from PDF-XChange, Inc. that runs on Microsoft Windows systems. A security vulnerability exists in PDF-XChange Editor that stems from a PNG File Parsing out-of-bounds write remote code execution vulnerability...

CVSS 7.8 | AI score 8.1 | EPSS 0.00571
Exploits: 0 | References: 3
CNNVD
added 2024/05/03 12:0 a.m. | 1 views

PDF-XChange Editor Security Vulnerability

PDF-XChange Editor is a PDF file viewing software from PDF-XChange, Inc. that runs on Microsoft Windows systems. A security vulnerability exists in PDF-XChange Editor that stems from a PNG File Parsing out-of-bounds write remote code execution vulnerability...

CVSS 7.8 | AI score 8.1 | EPSS 0.00571
Exploits: 0 | References: 3
BDU FSTEC
added 2024/04/05 12:0 a.m. | 1 views

A vulnerability in the gifread.c component of the PNG optimization software OptiPNG allows a hacker to cause a service failure or exert other effects.

The vulnerability of the gifread.c component of the software for optimizing PNG files with OptiPNG is related to buffer overflow through the ‘buffer’ variable. Exploiting this vulnerability can allow an attacker to cause a service failure or have other adverse effects...

CVSS 7.8 | AI score 7.3 | EPSS 0.00522
Exploits: 1 | References: 4 | Affected Software: 2