12 matches found
CVE-2026-41334
OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized images to cause denial of service through excessive memory consumption...
CVE-2026-41334 OpenClaw < 2026.3.31 - Decompression Bomb Denial of Service via Image Pixel-Limit Guard Bypass
OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized images to cause denial of service through excessive memory consumption...
CVE-2026-41334 OpenClaw < 2026.3.31 - Decompression Bomb Denial of Service via Image Pixel-Limit Guard Bypass
OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized images to cause denial of service through excessive memory consumption...
PT-2026-34765
OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized images to cause denial of service through excessive memory consumption...
Allocation of Resources Without Limits or Throttling
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the image pixel-limit guard failing to properly restrict oversized pixel counts during image processing. An attacker can exhaus...
OESA-2021-1146 python-pillow security update
Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. Security Fixes: In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SG...
A vulnerability in the ReadCINImage function (coders/cin.c) in the Cineon parsing component of ImageMagick, a program for reading and editing graphic files, allows an attacker to cause a denial of service.
The vulnerability in the ReadCINImage function (coders/cin.c) in the Cineon parsing component of ImageMagick, a program for reading and editing graphic files, is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service...
The State of Mobile App Performance
In our previous blog, we saw how a new generation of users is increasing the expectations of a mobile app like never before and identified the three key success criteria for mobile apps: 1) increase customer conversions, 2) drive installs and 3) increase customer loyalty. For this blog we profiled...
Ubuntu 14.04 LTS / 16.04 LTS : GD library vulnerabilities (USN-3213-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3213-1 advisory. Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were...
USN-3213-1: GD library vulnerabilities
Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected...
CVE-2016-9317
The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image...
Fedora 20 : openstack-nova-2013.2-4.fc20 (2013-22667)
Ensure we don't boot oversized images (CVE-2013-4463 and CVE-2013-2096) - Require ipmitool for baremetal driver (1022243) - Remove cert and scheduler hard dependency on cinderclient (1031679). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...