CVE-2025-59734

It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...

UBUNTU-CVE-2025-52456

A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based...

Integer Overflow to Buffer Overflow

Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow via the WebP Image Decoding functionality. An attacker can execute arbitrary code by enticing a user to open a specially crafted .webp animation file, which triggers an integer overflow during stride...

CVE-2025-52456

The CVE-2025-52456 entry describes a memory corruption in the WebP decoding path of the SAIL Image Decoding Library v0.9.8. Specifically, an integer overflow during stride calculation in the WebP animation decoding can overflow a heap buffer, enabling remote code execution when a crafted file is ...

CVE-2020-9747

Adobe Animate version 20.5 and earlier is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit...

CVE-2017-14578

IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selection starting at ntdll77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4."...