767 matches found
CVE-2019-11927
An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100...
CVE-2012-6466
Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas...
Denial Of Service (DoS)
github.com/bep/imagemeta is vulnerable to Denial of Service (DoS). The vulnerability is due to missing upper bounds on memory allocation when parsing metadata in PNG and WebP images, allowing an attacker to craft specially designed images with excessively large metadata...
SUSE CVE-2025-32025
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the bufferedReader function in io.go, when parsing PNG and WebP files. An attacker can cause denial of service by sending malicious images that trigger large memory allocations...
GO-2025-3599 bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing in github.com/bep/imagemeta
bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing in github.com/bep/imagemeta...
GHSA-FMHH-RW3H-785M bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing
Impact: The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably high for image metadata. Before v0.11.0, if you didn't trust the input images, this could be abused to...
CVE-2025-32025 bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably...
CVE-2025-32025
The CVE affects the Go library bep/imagemeta used for reading EXIF/IPTC/XMP metadata from JPEG, TIFF, PNG, and WebP. Before v0.11.0, the PNG/WebP metadata parsing allocated buffers unbounded by input type, enabling potentially large memory usage and DoS if provided images aren’t trusted. v0.11.0 ...
CVE-2025-32025
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably...
imagemeta security vulnerability
imagemeta is a Go library by the individual developer Bjørn Erik Pedersen. It is used to read EXIF, IPTC and XMP image metadata from JPEG, TIFF, PNG and WebP files. A security vulnerability exists in versions prior to imagemeta v0.11.0, which stems from an unrestricted PNG and WebP metadata buffe...
Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit. Posted by Ian Beer, Google Project Zero. On September 7, 2023 Apple issued an out-of-band security update for iOS: Around the same time on September 7th 2023, Citizen Lab published a blog post linking the two CVEs fixed in iOS 16.6.1 to an "NSO Gro...
WordPress plugin CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts cross-site request forgery vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin CITS Support svg, webp Media a...
WordPress cits-support-svg-webp-media-upload plugin <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion vulnerability
Cross-Site Request Forgery to Font Assignment Deletion vulnerability discovered by luckybuddy in WordPress Plugin cits-support-svg-webp-media-upload versions <= 4.2...
Linux Distros Unpatched Vulnerability : CVE-2019-13111
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service large heap allocation followed by a very long...
Malicious code in @aoflmkt/is-webp-qualified (npm)
MAL-2025-1686 Malicious code in @aoflmkt/is-webp-qualified (npm)
SUSE CVE-2024-53863
Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...