CVE-2026-33018

A flaw was found in libsixel, a SIXEL encoder/decoder implementation. This Use-After-Free vulnerability occurs when processing specially crafted animated Graphics Interchange Format GIF files. A remote attacker could exploit this by providing a malicious multi-frame GIF, causing the application t...

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the remote image blocking process. An attacker can obtain sensitive information or bypass access controls by embedding specially crafted SVG content with animate attributes in an email...

CVE-2026-35543

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content with animate attributes in an e-mail message. This may lead to information disclosure or access-control bypass...

Tencent Libpag Integer Overflow Vulnerability

Tencent Libpag is an official rendering library for PAG Portable Animated Graphics files from Tencent, a Chinese company. Tencent Libpag suffers from an integer overflow vulnerability that stems from the DecodeStream checkEndOfFile function in codec/utils/DecodeStream.cpp not correctly handling t...

CVE-2024-34408

Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile in codec/utils/DecodeStream.cpp via a crafted PAG Portable Animated Graphics file...

CVE-2024-34408

Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile in codec/utils/DecodeStream.cpp via a crafted PAG Portable Animated Graphics file...