Lucene search
+L

517 matches found

osv
osv
added 2026/04/14 10:16 p.m.7 views

DEBIAN-CVE-2026-33018

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

7CVSS5.5AI score0.00191EPSS
Exploits1References1
osv
osv
added 2026/04/14 10:16 p.m.2 views

UBUNTU-CVE-2026-33018

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

7CVSS5.8AI score0.00191EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/04/14 9:45 p.m.6 views

CVE-2026-33018 libsixel: Use-After-Free in load_gif()

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

7CVSS5.8AI score0.00191EPSS
Exploits1References2
cvelist
cvelist
added 2026/04/14 9:45 p.m.22 views

CVE-2026-33018 libsixel: Use-After-Free in load_gif()

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

7CVSS0.00191EPSS
Exploits1References2
debiancve
debiancve
added 2026/04/14 9:45 p.m.6 views

CVE-2026-33018

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

7CVSS5.5AI score0.00191EPSS
Exploits1
cve
cve
added 2026/04/14 9:45 p.m.19 views

CVE-2026-33018

libsixel 1.8.7 and prior contain a heap use‑after‑free in load_gif() (fromgif.c): a single sixel_frame_t is reused across all frames of an animated GIF and gif_init_frame() frees/reallocates frame->pixels between frames regardless of reference counts. A callback using sixel_frame_get_pixels() ...

7CVSS5.8AI score0.00191EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/04/14 9:45 p.m.3 views

CVE-2026-33018 libsixel: Use-After-Free in load_gif()

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

7CVSS5.8AI score0.00191EPSS
Exploits1References4
euvd
euvd
added 2026/04/14 9:45 p.m.6 views

EUVD-2026-22740

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

7CVSS5.8AI score0.00191EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/04/14 12:0 a.m.9 views

libsixel 资源管理错误漏洞

Libsixel is a software package developed by Hayaki Saito, which provides encoding/decoding implementations for DEC SIXEL graphics and other conversion programs. Versions of Libsixel 1.8.7 and earlier contained a resource management vulnerability. This vulnerability stemmed from the loadgif...

7CVSS6.2AI score0.00191EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/04/14 12:0 a.m.4 views

PT-2026-32925

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load gif function in fromgif.c, where a single sixel frame t object is reused across all frames of an animated GIF and gif init frame...

7CVSS5.8AI score0.00191EPSS
Exploits1References5
redhatcve
redhatcve
added 2026/04/13 5:38 a.m.4 views

CVE-2026-4151

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a specially crafted ANI Animated Cursor file or visiting a malicious web page. This issue stems from an integer overflow during the parsing of ANI files, caused by insufficient validation of...

7.8CVSS7.5AI score0.00664EPSS
Exploits0References5
nvd
nvd
added 2026/04/11 1:16 a.m.6 views

CVE-2026-4151

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS0.00664EPSS
Exploits0References7
snyk
snyk
added 2026/04/03 6:31 a.m.4 views

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the remote image blocking process. An attacker can obtain sensitive information or bypass access controls by embedding specially crafted SVG content with animate attributes in an email...

6.9CVSS5.9AI score0.00402EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/03 3:57 a.m.4 views

CVE-2026-35543

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content with animate attributes in an e-mail message. This may lead to information disclosure or access-control bypass...

5.3CVSS5.9AI score0.00402EPSS
Exploits0References7
nessus
nessus
added 2026/03/27 12:0 a.m.3 views

GIMP < 3.2.0 Multiple Vulnerabilities (macOS)

The version of GIMP installed on the remote macOS host is prior to 3.2.0. It is, therefore, affected by multiple vulnerabilities: - An integer overflow condition exists in PSD file parsing due to improper validation of user-supplied data. An unauthenticated, local attacker can exploit this, via a...

7.8CVSS7.6AI score0.00755EPSS
Exploits0References17
ibm
ibm
added 2026/03/17 11:17 a.m.12 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.313 Vulnerability Details CVEID:CVE-2025-49177 DESCRIPTION: A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a clie...

8.2CVSS6.8AI score0.01361EPSS
Exploits0Affected Software1
nessus
nessus
added 2026/03/15 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xorg-x11-server (UTSA-2026-006181)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006181 advisory. A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to...

6.1CVSS5.8AI score0.00285EPSS
Exploits0References4
patchstack
patchstack
added 2026/02/02 8:39 p.m.7 views

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Animated Text Widget vulnerability discovered by wesley wcraft in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

6.4CVSS8.3AI score0.00427EPSS
Exploits0References1Affected Software1
astralinux
astralinux
added 2026/01/27 5:1 a.m.3 views

Astra Linux – Vulnerability in xorg-server

A flaw was discovered in the handling of animated cursors by the X Rendering extension. If a client does not provide any cursors, the server assumes that at least one is present. This can lead to an out-of-bounds read and potential crash...

6.1CVSS6.6AI score0.00285EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/01/26 3:10 p.m.6 views

CVE-2026-24474

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

5.3CVSS5.8AI score0.00369EPSS
Exploits0References1
Rows per page
Query Builder