60 matches found
CVE-2026-61858
A flaw was found in ImageMagick. This vulnerability allows attackers to bypass configured policy restrictions through the APNG Animated Portable Network Graphics encoding process. By exploiting missing validation checks in the APNG encoder and external delegates, an attacker can write files to...
EUVD-2026-43187
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...
GHSA-8JR5-V98P-W75M vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations
Summary Issue 1: EXIF orientation not normalized → The image orientation processed by the model differs from how humans view it, introducing interpretation bias. Issue 2: PNG tRNS not explicitly flattened before converting to RGB → After conversion, transparent/semi-transparent pixels are rendere...
vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations
Summary Issue 1: EXIF orientation not normalized → The image orientation processed by the model differs from how humans view it, introducing interpretation bias. Issue 2: PNG tRNS not explicitly flattened before converting to RGB → After conversion, transparent/semi-transparent pixels are rendere...
MGASA-2026-0205 Updated libpng packages fix security vulnerabilities
LIBPNG has a use-after-free in pngsetPLTE, pngsettRNS and pngsethIST leading to corrupted chunk data and potential heap information disclosure. CVE-2026-34757 Chunk smuggling in push-mode APNG parser via unconsumed chunk body. CVE-2026-40930...
CVE-2026-40930
LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...
ALPINE-CVE-2026-40930
LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...
CVE-2026-40930
LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...
CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body
LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...
CVE-2026-40930
CVE-2026-40930 concerns LIBPNG (v1.8.0) where three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC. This allows attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk heade...
CVE-2026-40930
LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...
PT-2026-42116
Name of the Vulnerable Software and Affected Versions libpng-apng affected versions not specified Description An issue exists in the push-mode APNG parser where chunk smuggling is possible via an unconsumed chunk body. This occurs within the third-party libpng-apng patch. Recommendations At the...
JLSEC-2025-113 Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c,...
Buffer Overflow vulnerability exists in FFmpeg 4.1 via apngdoinverseblend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service...
EUVD-2021-23287
Malware in sbrugna...
EUVD-2019-15575
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-6960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the loadapng function and the...
CVE-2021-36692
libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codecapng.cc jxl::DecodeImageAPNG. When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service...
CVE-2019-6007
Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service DoS condition or execute arbitrary code via unspecified vectors...
CVE-2023-27705
APNGOptimizer v1.4 was discovered to contain a buffer overflow via the component /apngopt/ubuntu.png...
CVE-2023-27705
APNGOptimizer v1.4 was discovered to contain a buffer overflow via the component /apngopt/ubuntu.png...