419 matches found
CVE-2026-56371
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...
CVE-2026-56371
ImageMagick vulnerability CVE-2026-56371: memory leak in coders/txt.c when processing TXT files with texture attributes. The texture object allocated via ReadImage is not released if GetTypeMetrics fails, causing a memory leak for each crafted TXT file processed. Affected versions are before 7.1....
EUVD-2026-38439
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...
Astra Linux - уязвимость в virglrenderer
A double-free vulnerability exists in the vrendrenderer.c file within virglrenderer up to version 0.8.1. Attackers can exploit this vulnerability to cause a denial of service by triggering texture allocation failures. The reason is that vrendrendererresourceallocatedtexture is not an appropriate...
Astra Linux - уязвимость в libsdl2
A potential memory leak issue was discovered in the SDL2 library, specifically in the GLESCreateTexture function within the SDLrendergles.c file. This vulnerability allows an attacker to carry out a denial-of-service attack. The vulnerability affects SDL2 version 2.0.4 and later versions. SDL-1.x...
CVE-2026-42188
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...
CVE-2026-42188 Geyser: Server-Side Request Forgery (SSRF) via Player Head Texture URL
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...
CVE-2026-42188 Geyser: Server-Side Request Forgery (SSRF) via Player Head Texture URL
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...
CVE-2026-42188
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...
Geyser 代码问题漏洞
Geyser is a cross-platform game version bridging proxy tool developed by GeyserMC. Versions of Geyser prior to 2.9.3 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing when processing texture data for players’ heads in Minecraft. This allowed attackers...
GHSA-XCFG-FCR5-GW9R Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
Summary A server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an attacker can cause the Minecraft server to issue arbitrary HTTP GET requests to...
Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
Summary A server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an attacker can cause the Minecraft server to issue arbitrary HTTP GET requests to...
PT-2026-37252
Name of the Vulnerable Software and Affected Versions Geyser versions prior to 2.9.3 Description A server-side request forgery SSRF exists in the handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the '/give' command, an attacker can cause the...
JLSEC-2026-365
A potential memory leak issue was discovered in SDL2 in GLESCreateTexture function in SDLrendergles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected...
CVE-2026-34764
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain...
CVE-2026-34764
The CVE-2026-34764 issue affects Electron apps that use offscreen rendering with GPU shared textures (webPreferences.offscreen: { useSharedTexture: true }). The root cause is a use-after-free where the release() callback for a paint-event texture can outlive its backing native state, causing a de...
CVE-2026-34764 Electron has a use-after-free in offscreen shared texture release() callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain...
CVE-2026-34764 Electron has a use-after-free in offscreen shared texture release() callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain...
Electron: Use-after-free in offscreen shared texture release() callback
Impact Apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main...
Missing Release of Memory after Effective Lifetime
Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...