CVE-2026-42500

CVE-2026-42500 affects decoding in golang.org/x/image/bmp for paletted BMP images. The issue is triggered by decoding a BMP with an out-of-range palette index, causing a panic when accessing pixels in the invalid image. Root cause: palette index validation failure during palette/pixel processing....

Astra Linux - уязвимость в htmldoc

A buffer under-reading issue based on stacks in the htmldoc before version 1.9.12 allows attackers to cause a denial of service by using a crafted BMP image with the imageloadbmp function...

Astra Linux - уязвимость в libsdl2, libsdl1.2

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution...

JLSEC-2026-362

SDL Simple DirectMedia Layer through 2.0.12 has an Integer Overflow and resultant SDLmemcpy heap corruption in SDLBlitCopy in video/SDLblitcopy.c via a crafted .BMP file...

JLSEC-2026-364

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution...

EUVD-2019-19874

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the...

CVE-2019-25563

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the...

CVE-2019-25563 PCHelpWareV2 1.0.0.5 Denial of Service via SC Creation

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the...

PT-2026-26908

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the...

Out-of-bounds Write

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Allocation of Resources Without Limits or Throttling

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage and html methods when processing BMP image data with unvalidated dimensions. An attacker can cause excessive memory...

CVE-2019-2281

An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675...

Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion

Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control C2 and red teaming framework known as Tuoni. "The campaign leveraged the emerging Tuoni C2 framework, a relatively new,...

CVE-2025-10923

CVE-2025-10923 : GIMP WBMP File Parsing Integer Overflow Remote Code Execution vulnerability. The flaw arises from insufficient validation during WBMP parsing, causing an overflow when allocating a buffer and enabling code execution in the current process. Exploitation requires the target to visi...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the ReadBMPImage function in the coders/bmp.c file. An attacker can cause the application to crash or become unresponsive by submitting specially crafted BMP files. Remediation A fix was pushed into th...

EUVD-2007-0651

Malware in sbrugna...

EUVD-2018-16666

Malware in sbrugna...

EUVD-2019-8657

Malware in sbrugna...

CVE-2025-46407

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the...

Linux Distros Unpatched Vulnerability : CVE-2019-13568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CImg through 2.6.7 has a heap-based buffer overflow in loadbmp in CImg.h because of erroneous memory allocation for a malformed BMP image. CVE-2019-13568 Note...