Lucene search
K

60 matches found

RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-61858

A flaw was found in ImageMagick. This vulnerability allows attackers to bypass configured policy restrictions through the APNG Animated Portable Network Graphics encoding process. By exploiting missing validation checks in the APNG encoder and external delegates, an attacker can write files to...

4.8CVSS6AI score
Exploits0References5
EUVD
EUVD
added yesterday8 views

EUVD-2026-43187

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

4.8CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/17 2:2 p.m.7 views

GHSA-8JR5-V98P-W75M vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Summary Issue 1: EXIF orientation not normalized → The image orientation processed by the model differs from how humans view it, introducing interpretation bias. Issue 2: PNG tRNS not explicitly flattened before converting to RGB → After conversion, transparent/semi-transparent pixels are rendere...

4.8CVSS5.3AI score0.00239EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/17 2:2 p.m.17 views

vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Summary Issue 1: EXIF orientation not normalized → The image orientation processed by the model differs from how humans view it, introducing interpretation bias. Issue 2: PNG tRNS not explicitly flattened before converting to RGB → After conversion, transparent/semi-transparent pixels are rendere...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/06/13 1:38 a.m.12 views

MGASA-2026-0205 Updated libpng packages fix security vulnerabilities

LIBPNG has a use-after-free in pngsetPLTE, pngsettRNS and pngsethIST leading to corrupted chunk data and potential heap information disclosure. CVE-2026-34757 Chunk smuggling in push-mode APNG parser via unconsumed chunk body. CVE-2026-40930...

5.4CVSS5.4AI score0.00202EPSS
Exploits1References6
NVD
NVD
added 2026/06/04 4:16 p.m.12 views

CVE-2026-40930

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4CVSS0.00202EPSS
Exploits0References3
OSV
OSV
added 2026/06/04 4:16 p.m.8 views

ALPINE-CVE-2026-40930

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4CVSS5.4AI score0.00202EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:34 p.m.8 views

CVE-2026-40930

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2026/06/04 2:34 p.m.8 views

CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 2:34 p.m.56 views

CVE-2026-40930

CVE-2026-40930 concerns LIBPNG (v1.8.0) where three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC. This allows attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk heade...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/04 2:34 p.m.10 views

CVE-2026-40930

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4CVSS5.8AI score0.00202EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.16 views

PT-2026-42116

Name of the Vulnerable Software and Affected Versions libpng-apng affected versions not specified Description An issue exists in the push-mode APNG parser where chunk smuggling is possible via an unconsumed chunk body. This occurs within the third-party libpng-apng patch. Recommendations At the...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References12
OSV
OSV
added 2025/10/19 7:8 p.m.2 views

JLSEC-2025-113 Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c,...

Buffer Overflow vulnerability exists in FFmpeg 4.1 via apngdoinverseblend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service...

7.5CVSS7AI score0.02051EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-23287

Malware in sbrugna...

6.5CVSS6.5AI score0.01221EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-15575

Malware in sbrugna...

8.8CVSS6.3AI score0.02028EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2017-6960

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the loadapng function and the...

7.5CVSS7.3AI score0.01804EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:42 p.m.8 views

CVE-2021-36692

libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codecapng.cc jxl::DecodeImageAPNG. When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service...

6.5CVSS6.8AI score0.01221EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:30 a.m.11 views

CVE-2019-6007

Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service DoS condition or execute arbitrary code via unspecified vectors...

8.8CVSS8.1AI score0.02028EPSS
Exploits0References1
OSV
OSV
added 2023/04/17 3:15 p.m.4 views

CVE-2023-27705

APNGOptimizer v1.4 was discovered to contain a buffer overflow via the component /apngopt/ubuntu.png...

7.5CVSS6.1AI score0.00838EPSS
Exploits1References2
NVD
NVD
added 2023/04/17 3:15 p.m.11 views

CVE-2023-27705

APNGOptimizer v1.4 was discovered to contain a buffer overflow via the component /apngopt/ubuntu.png...

7.5CVSS7.8AI score0.00838EPSS
Exploits1References2
Rows per page
Query Builder