openSUSE 16 Security Update : gimp (openSUSE-SU-2026:20055-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20055-1 advisory. Changes in gimp: Update to 3.0.6: - Security: - During development, we received reports from the Zero Day Initiative of potential security issue...
Can You Trust What You See? Alpha Channel No-Box Attacks on Video Object Detection
As object detection models are increasingly deployed in cyber-physical systems such as autonomous vehicles (AVs) and surveillance platforms, ensuring their security against adversarial threats is essential. While prior work has explored adversarial attacks in the image domain, those attacks in the...
ROS-20251014-04
A vulnerability in the libvips horizontal topology image processing library is related to the creation of a three-channel HEIF image without an alpha channel and then writing its data into 4 channels. Exploitation...
Heap Buffer Overflow
ImageMagick is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper memory handling because images with separate alpha channels during magnification in ReadOneMNGImage can leak memory contents into the output image...
OESA-2025-2196 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
Linux Distros Unpatched Vulnerability : CVE-2025-55004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffe...
ImageMagick < 7.1.2-1 Heap-Buffer Overflow (GHSA-cjc8-g9w8-chfw)
The remote host has a version of ImageMagick installed that is prior to 7.1.2-1. It is, therefore, affected by a vulnerability as referenced in GHSA-cjc8-g9w8-chfw advisory. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1,...
imagemagick: heap-buffer overflow read in MNG magnification with alpha
Vulnerability Details: When performing image magnification in ReadOneMNGIMage in coders/png.c, there is an issue around the handling of images with separate alpha channels. When loading an image with a color type that implies a separate alpha channel (i.e. jngcolortype = 12), we will load the alpha...
CVE-2025-55004
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This c...
ImageMagick Security Vulnerability
ImageMagick is a suite of open source image processing software from ImageMagick Open Source. It can read, convert, or write images in a variety of formats. A security vulnerability exists in versions of ImageMagick prior to 7.1.2-1, which stems from a heap buffer overflow read when processing...
Favicon Trojans: Executable Steganography Via Ico Alpha Channel Exploitation
This paper presents a novel method of executable steganography using the alpha transparency layer of ICO image files to embed and deliver self-decompressing JavaScript payloads within web browsers. By targeting the least significant bit (LSB) of non-transparent alpha layer image values, the propose...
PT-2025-32995
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-1 Description: ImageMagick is vulnerable to a heap-buffer overflow read when handling images with separate alpha channels during image magnification in the ReadOneMNGImage function. This issue can potential...
CVE-2025-29769
libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't...
CVE-2025-29769 libvips has a potential heap-based buffer overflow when attempting to convert multiband TIFF input to HEIF output
libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't...
libvips Security Vulnerability
libvips is a fast image processing library with low memory requirements from the libvips open source. A security vulnerability exists in versions of libvips prior to 8.16.1, which stems from misjudging the alpha channel when processing multiband inputs, and may result in a heap buffer overflow...
SUSE CVE-2012-3966
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a...
SUSE CVE-2013-4589
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image...
DEBIAN-CVE-2021-25289
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...
ALPINE-CVE-2020-35654
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...
CVE-2019-11471
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::setalphachannel in heifcontext.h because heifcontext.cc mishandles references to non-existing alpha images...