Lucene search
K

77 matches found

Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: thunderbird

Issue Overview: Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk header on the next call to...

9.8CVSS5.8AI score0.00605EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in imagemagick

ImageMagick 7.1.0-49 is vulnerable to information disclosure. When it parses a PNG image e.g., for resizing, the resulting image may contain content from an arbitrary file. This occurs if the ImageMagick binary has permissions to read such files...

6.5CVSS7.7AI score0.89855EPSS
Exploits28References2
Cvelist
Cvelist
added 2025/10/20 2:4 p.m.10 views

CVE-2025-11680 Out-of-bounds Write in libwebsockets PNG parsing

Out-of-bounds Write in unfilterscanline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

5.9CVSS0.00356EPSS
Exploits0References2
CVE
CVE
added 2025/10/20 2:4 p.m.11 views

CVE-2025-11680

CVE-2025-11680 affects libwebsockets’ unfilter_scanline in the warmcat library. When compiled with LWS_WITH_UPNG and the HTML display stack is used, a crafted PNG with a large width can trigger an integer overflow that determines the size of a heap allocation, enabling an out-of-bounds write and ...

5.9CVSS6.8AI score0.00356EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/20 1:58 p.m.1 views

CVE-2025-11679 Out-of-bounds Read in libwebsockets PNG parsing

Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

5.9CVSS6.5AI score0.00356EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/20 1:58 p.m.8 views

CVE-2025-11679 Out-of-bounds Read in libwebsockets PNG parsing

Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

5.9CVSS0.00356EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-21235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specificall...

6.5CVSS6.6AI score0.01515EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 11:13 p.m.12 views

CVE-2022-36947

Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow...

9.8CVSS7.2AI score0.02046EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:9 p.m.3 views

CVE-2021-21235

kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::readfromcontainer can cause an infinite loop when a crafted PNG file is given. This is fixed in version 0.5.3. No workaround i...

6.5CVSS6.7AI score0.01515EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/09 5:5 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the bufferedReader function in io.go, when parsing PNG and WebP files. An attacker can cause denial of service by sending malicious images that trigger large memory allocations...

8.7CVSS6.9AI score0.00161EPSS
Exploits0References3
OSV
OSV
added 2025/04/09 12:57 p.m.8 views

GHSA-FMHH-RW3H-785M bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing

Impact The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably high for image metadata. Before v0.11.0, If you didn't trust the input images, this could be abused to...

6.9CVSS6.5AI score0.00161EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/08 3:13 p.m.35 views

CVE-2025-32025 bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably...

6.9CVSS0.00161EPSS
Exploits0References2
CVE
CVE
added 2025/04/08 3:13 p.m.207 views

CVE-2025-32025

The CVE affects the Go library bep/imagemeta used for reading EXIF/IPTC/XMP metadata from JPEG, TIFF, PNG, and WebP. Before v0.11.0, the PNG/WebP metadata parsing allocated buffers unbounded by input type, enabling potentially large memory usage and DoS if provided images aren’t trusted. v0.11.0 ...

6.9CVSS7.2AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2024/11/22 9:15 p.m.4 views

CVE-2024-9760

Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerabili...

3.3CVSS4.9AI score0.0025EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.4 views

PT-2024-39814 · Tungsten Automation · Tungsten Automation Power Pdf

Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or...

7.8CVSS7.3AI score0.00283EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.5 views

PT-2024-39824 · Tungsten Automation · Tungsten Automation Power Pdf

Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious...

3.3CVSS6.9AI score0.0025EPSS
Exploits0References4
OSV
OSV
added 2024/05/03 3:16 a.m.5 views

CVE-2023-51607

Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must...

5.5CVSS5AI score0.00506EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/05/03 2:15 a.m.6 views

CVE-2023-37354

Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7.6AI score0.00345EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/05/03 2:15 a.m.3 views

CVE-2023-37342

Kofax Power PDF PNG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS6.2AI score0.00271EPSS
Exploits0References1
OSV
OSV
added 2024/05/03 2:15 a.m.2 views

CVE-2023-37341

Kofax Power PDF PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS6.2AI score
Exploits0References1
Rows per page
Query Builder