77 matches found
Important: thunderbird
Issue Overview: Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk header on the next call to...
Astra Linux – Vulnerability in imagemagick
ImageMagick 7.1.0-49 is vulnerable to information disclosure. When it parses a PNG image e.g., for resizing, the resulting image may contain content from an arbitrary file. This occurs if the ImageMagick binary has permissions to read such files...
CVE-2025-11680 Out-of-bounds Write in libwebsockets PNG parsing
Out-of-bounds Write in unfilterscanline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...
CVE-2025-11680
CVE-2025-11680 affects libwebsockets’ unfilter_scanline in the warmcat library. When compiled with LWS_WITH_UPNG and the HTML display stack is used, a crafted PNG with a large width can trigger an integer overflow that determines the size of a heap allocation, enabling an out-of-bounds write and ...
CVE-2025-11679 Out-of-bounds Read in libwebsockets PNG parsing
Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...
CVE-2025-11679 Out-of-bounds Read in libwebsockets PNG parsing
Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...
Linux Distros Unpatched Vulnerability : CVE-2021-21235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specificall...
CVE-2022-36947
Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow...
CVE-2021-21235
kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::readfromcontainer can cause an infinite loop when a crafted PNG file is given. This is fixed in version 0.5.3. No workaround i...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the bufferedReader function in io.go, when parsing PNG and WebP files. An attacker can cause denial of service by sending malicious images that trigger large memory allocations...
GHSA-FMHH-RW3H-785M bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing
Impact The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably high for image metadata. Before v0.11.0, If you didn't trust the input images, this could be abused to...
CVE-2025-32025 bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably...
CVE-2025-32025
The CVE affects the Go library bep/imagemeta used for reading EXIF/IPTC/XMP metadata from JPEG, TIFF, PNG, and WebP. Before v0.11.0, the PNG/WebP metadata parsing allocated buffers unbounded by input type, enabling potentially large memory usage and DoS if provided images aren’t trusted. v0.11.0 ...
CVE-2024-9760
Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerabili...
PT-2024-39814 · Tungsten Automation · Tungsten Automation Power Pdf
Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or...
PT-2024-39824 · Tungsten Automation · Tungsten Automation Power Pdf
Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious...
CVE-2023-51607
Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must...
CVE-2023-37354
Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2023-37342
Kofax Power PDF PNG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must...
CVE-2023-37341
Kofax Power PDF PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...