767 matches found
CVE-2026-33813
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...
CVE-2026-33813
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...
Memory Allocation with Excessive Size Value
Overview golang.org/x/image/webp is a Package webp implements a decoder for WEBP images. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value. An attacker can cause a crash by supplying a WEBP image with an invalid, very large declared size, triggering a...
GO-2026-4961 Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google, Inc. of the United States. There is a security vulnerability in Google Go, which stems from the webp parsing function in golang.org/x/image, which may cause 32-bit platfo...
PT-2026-34050
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Parsing a WEBP image with an invalid, large size causes a panic on 32-bit platforms. Recommendations At the moment, there is no information about a newer version...
CVE-2026-29055
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline in Tandoor Recipes explicitly skips EXIF metadata stripping, image rescaling, and size validation for WebP and GIF image formats. A...
CVE-2026-29055
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline in Tandoor Recipes explicitly skips EXIF metadata stripping, image rescaling, and size validation for WebP and GIF image formats. A...
CVE-2026-29055
CVE-2026-29055 affects Tandoor Recipes: in versions prior to 2.6.0, the image processing pipeline did not strip EXIF data, rescale, or validate sizes for WebP and GIF uploads, allowing sensitive EXIF metadata (GPS coordinates, camera model, timestamps, software) to be stored and served to all vie...
CVE-2026-29055 Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline in Tandoor Recipes explicitly skips EXIF metadata stripping, image rescaling, and size validation for WebP and GIF image formats. A...
CVE-2026-29055 Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline in Tandoor Recipes explicitly skips EXIF metadata stripping, image rescaling, and size validation for WebP and GIF image formats. A...
PT-2026-28384
Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description The application is designed for managing recipes, planning meals, and creating shopping lists. Prior to version 2.6.0, the image processing pipeline does not remove EXIF metadata, rescale...
OPENSUSE-RU-2026:20168-1 Recommended update for gimp
This update for gimp fixes the following issues: Changes in gimp: - Update to 3.0.8 - Font Loading Performance - Improvements in start-up time for users with a large number of fonts was backported from our 3.2 RC2 release. As a result, we now wait to load images until fonts are initialized - this...
WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WebP Conversion versions = 2.2...
CVE-2026-24530
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...
CVE-2026-24530
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...
CVE-2026-24530
CVE-2026-24530: Missing Authorization in the sheepfish WebP Conversion WordPress plugin (webp-conversion) affects versions up to 2.1. Root cause is incorrectly configured access control (missing authorization). CVSSv3.1 base score is 5.3 (Medium) with network access, low complexity, no privileges...
CVE-2026-24530 WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...
CVE-2026-24530
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.1...
CVE-2026-24530 WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...