6 matches found
CVE-2026-33020
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixelframeconverttorgb888 in frame.c, where allocation size and pointer offset computations for palettised images PAL1, PAL...
CVE-2026-33020
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixelframeconverttorgb888 in frame.c, where allocation size and pointer offset computations for palettised images PAL1, PAL...
libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...
Write-what-where Condition
Overview Affected versions of this package are vulnerable to Write-what-where Condition in the TIFFReadRGBAImageOriented function while processing paletted images with malformed metadata. TIFF file. An attacker can achieve arbitrary memory write by convincing a user to open a specially crafted TI...
Write-what-where Condition
Overview Affected versions of this package are vulnerable to Write-what-where Condition in the TIFFReadRGBAImageOriented function while processing paletted images with malformed metadata. TIFF file. An attacker can achieve arbitrary memory write by convincing a user to open a specially crafted TI...
SUSE CVE-2005-4048
Heap-based buffer overflow in the avcodecdefaultgetbuffer function utils.c in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as 1 mplayer, 2 xine-lib, 3 Xmovie, and 4 GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes...