CVE-2026-27284 InDesign Desktop | Out-of-bounds Read (CWE-125)

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the curre...

PT-2025-36987

Name of the Vulnerable Software and Affected Versions: Substance3D - Modeler versions 1.22.2 and earlier Description: Substance3D - Modeler is affected by an out-of-bounds read issue when processing a specially crafted file. This can lead to reading beyond the boundaries of allocated memory. An...

CVE-2024-23159

A maliciously crafted STP file, when parsed in stpaimx64vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process...

CVE-2023-6277 Libtiff: out-of-memory in tiffopen via a craft file

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-2477)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2017-11526

The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service large loop and CPU consumption via a crafted file...

SUSE CVE-2017-11538

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage function in coders/png.c...

Updated libtiff packages fix security vulnerability

libtiff's tiffcrop utility has a uint32t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop likely via tricking a user to run tiffcrop on it with certain parameters could cause a crash or in some cases, further exploitation. CVE-2022-2867...

CVE-2022-32317

The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vov4l2.c. This vulnerability can lead to a Denial of Service DoS via a crafted file. The device=strdup statement is not executed on every call. Note: This has been...

CVE-2020-16589

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file...

CVE-2021-20244

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability...

Design/Logic Flaw

A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause...

CVE-2019-20352

In Netwide Assembler NASM 2.15rc0, a heap-based buffer over-read occurs via a crafted .asm file in settextfree when called from expandonesmacro in asm/preproc.c...

CVE-2018-1000667

NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption crashed of nasm when handling a crafted file due to function assemblefileinname, dependptr at asm/nasm.c:482. vulnerability in function assemblefileinname, dependptr at asm/nasm.c:482. that can result in...

CVE-2018-7876

In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWFACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file...

CVE-2018-5684

In Libav through 12.2, there is an invalid memcpy call in the ffmovreadstsdentries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service segmentation fault and program failure with a crafted avi file...

CVE-2017-15281

ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised values."...

CVE-2017-13133

In ImageMagick 7.0.6-8, the loadlevel function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service loadtile memory exhaustion via a crafted file...

CVE-2017-12144

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file...

CVE-2017-11639

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h...