1058 matches found

OSSF Malicious Packages
added 2025/09/08 3:20 p.m. | 1 view

Malicious code in color-convert (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71ee3370ed9cf22bf89fbf40c954408a6ddcd17fbd38750027a2b7fab6034bce Any computer that has this package installed or running should be considered fully compromised. All...

7.1 AI score
Exploits: 0 | References: 5

OSV
added 2025/09/08 3:20 p.m. | 1 view

MAL-2025-46971 Malicious code in color-convert (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71ee3370ed9cf22bf89fbf40c954408a6ddcd17fbd38750027a2b7fab6034bce Any computer that has this package installed or running should be considered fully compromised. All...

8.8 CVSS | 7.1 AI score | 0.00138 EPSS
Exploits: 0 | References: 5

vulnersOsv
added 2025/09/08 3:20 p.m. | 2 views

@7365admin1/layer-common (>=1.8.0 <=1.11.40), @_sh/ckeditor5-font-with-picker (=0.0.1) +388 more potentially affected by CVE-2025-59162 via color-convert (=3.1.0)

color-convert NPM version =3.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on color-convert and may be impacted: - @7365admin1/layer-common =1.8.0, =7.0.0, =0.0.6, =1.0.0, =1.0.24, =0.0.5, =0.0.1, =0.0.1, =1.0.38, =1.0.1, =1.0.0, =24.0.0 and more...

8.8 CVSS | 5.8 AI score | 0.00138 EPSS
Exploits: 0

Snyk
added 2025/09/08 2:26 p.m. | 0 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...

9.8 CVSS | 7.1 AI score
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/08 12:00 a.m. | 2 views

PT-2025-37747

Name of the Vulnerable Software and Affected Versions: color-convert versions prior to 3.1.2 Description: The npm package color-convert was compromised through a phishing attack on the publishing account. A malicious version 3.1.1 was published containing a payload designed to redirect...

8.8 CVSS | 6.4 AI score | 0.00138 EPSS
Exploits: 0 | References: 15

Vulnrichment
added 2025/09/04 4:59 a.m. | 2 views

CVE-2025-36906

In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.6 AI score | 0.00009 EPSS
Exploits: 0 | References: 1

CVE
added 2025/09/04 4:59 a.m. | 23 views

CVE-2025-36906

CVE-2025-36906 involves a heap-buffer overflow in the ConvertReductionOp of darwinn_mlir_converter_aidl.cc, causing an out-of-bounds write that can lead to local privilege escalation. The vulnerability is exploitable with local access and does not require user interaction. The source documents co...

7.8 CVSS | 6.7 AI score | 0.00009 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Microsoft CVE
added 2025/09/04 2:13 a.m. | 2 views

btrfs: exit after state insertion failure at btrfs_convert_extent_bit()

...

5.5 CVSS | 6.8 AI score | 0.00027 EPSS
Exploits: 0

Tenable Nessus
added 2025/09/04 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-16982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Chinese Convert OpenCC 1.0.5 allows attackers to cause a denial of service segmentation fault because BinaryDict::NewFromFile in BinaryDict.cpp may have...

5.5 CVSS | 6.1 AI score | 0.00297 EPSS
Exploits: 1 | References: 2

OSV
added 2025/09/01 12:00 a.m. | 1 view

PUB-A-289810779

In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS | 7.2 AI score | 0.00009 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/30 6:18 p.m. | 3 views

CVE-2025-30057

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...

9.4 CVSS | 8.4 AI score | 0.00198 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/30 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-5001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function...

5.5 CVSS | 5.2 AI score | 0.00112 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2025/08/30 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-23109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow vulnerability in function convertcolorspace in heifcolorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and...

8.1 CVSS | 7.6 AI score | 0.00244 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/27 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-14650

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Remote Code Execution vulnerability has been found in the HordeImage library when using the Im backend that utilizes ImageMagick's convert utility. It's not...

8.1 CVSS | 7.6 AI score | 0.02803 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/27 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-3574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. CVE-2021-3574 Note that...

3.3 CVSS | 6.4 AI score | 0.00031 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/27 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-31047

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service DoS via the convert function of...

3.3 CVSS | 5.8 AI score | 0.00016 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2025/08/24 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-9117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NULL Pointer Access in function imagetopnm of convert.cjp2:1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file...

6.5 CVSS | 6.8 AI score | 0.00581 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2025/08/24 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-17555

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The swriaudioconvert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote...

6.5 CVSS | 6.7 AI score | 0.0036 EPSS
Exploits: 0 | References: 2

Amazon
added 2025/08/18 12:00 a.m. | 3 views

Medium: openexr

Issue Overview: An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service DoS via the convert function of exrmultipart.cpp. CVE-2024-31047 Affected Packages: openexr Issue Correction: Run dnf update openexr --releasever 2023.8.20250818...

3.3 CVSS | 6.7 AI score | 0.00016 EPSS
Exploits: 1

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in yyf-convert (npm)

The package yyf-convert was found to contain malicious code...

7 AI score
Exploits: 0