19 matches found
CVE-2026-4887 Gimp: gimp:memory disclosure and denial of service via specially crafted pcx image
A flaw was found in GIMP. This issue is a heap buffer over-read in the GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...
EUVD-2018-1878
Malware in sbrugna...
The vulnerability of the stbi__load_gif_main component in the C/C++ Libstb library, related to the repeated release of memory, allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the stbi__load_gif_main component in the C/C++ Libstb library is related to the repeated release of memory. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and even cause service failures through the use of a...
SUSE CVE-2017-7606
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image...
USN-5835-3 nova vulnerability
Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information...
PT-2022-4361 · Hdf5 +3 · Libhdf5 +3
Name of the Vulnerable Software and Affected Versions: HDF5 Group libhdf5 version 1.10.4 Description: An out-of-bounds write issue exists in the gif2h5 functionality, allowing code execution through a specially-crafted GIF file. An attacker can trigger this issue by providing a malicious file,...
CVE-2022-23906
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file...
The vulnerabilities of the functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage in the console image editor ImageMagick components, related to the lack of data validation, allow attackers to trigger service interruptions.
The vulnerability of the functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage in the ImageMagick console graphic editor’s code components coders/dcm.c, coders/pwp.c, coders/cals.c, and coders/pict.c is related to the lack of data validation during function execution. Exploitin...
UBUNTU-CVE-2021-29457
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An...
Apple CoreMedia Buffer Error Vulnerability
Apple CoreMedia is an Apple Inc. core component used in mobile devices for processing media data. Apple CoreMedia suffers from a buffer error vulnerability that exists due to a boundary condition within the CoreMedia component in macOS. A remote attacker could create a specially crafted image and...
Heap Overwrite Vulnerability in Light and Shadow Magic Hand of Shenzhen Xunlei.com Culture Limited (CNVD-2020-58811)
LightShadow Magic Hand is software for improving and enhancing image quality and effect processing. Shenzhen Xunlei.com Culture Co., Ltd LightShadow Magic Hand has a heap out-of-bounds write vulnerability; an attacker can construct a special picture to cause the software to crash, and ca...
Heap Overwrite Vulnerability in Light and Shadow Magic Hand of Shenzhen Xunlei.com Culture Limited (CNVD-2020-58814)
LightShadow Magic Hand is software for improving and enhancing image quality and effect processing. Shenzhen Xunlei.com Culture Co., Ltd LightShadow Magic Hand has a heap out-of-bounds write vulnerability; an attacker can construct a special picture to cause the software to crash, and ca...
The vulnerability of the WriteTGAImage function in the GraphicsMagick graphics editor allows an attacker to cause a service failure by causing the operation to exceed the buffer limits in memory.
The vulnerability of the WriteTGAImage function in the GraphicsMagick graphics editor is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by using a specially created image file...
CVE-2019-12921
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG...
kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image
The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image...
Simple DirectMedia Layer SDL2_image Heap Buffer Overflow Vulnerability
Simple DirectMedia Layer is a multi-platform library for accessing low-level hardware and graphics and providing support for games, software, and emulators. SDL2_image is a component used in it for parsing and displaying various image file formats. A heap buffer overflow vulnerability exists in th...
Simple DirectMedia Layer SDL2_image Information Disclosure Vulnerability (CNVD-2018-08711)
Simple DirectMedia Layer is a cross-platform development library that provides low-level access to audio, keyboard, mouse, and graphics hardware devices, etc. via OpenGL and Direct3D. A security vulnerability exists in the PCX image rendering feature of Simple DirectMedia Layer SDL2_image-2.0.2. T...
The vulnerability of the GIF loader in the imlib2 library allows a hacker to trigger a service failure or gain access to confidential data.
The vulnerability of the imlib2 GIF library loader exists due to a read buffer overflow error. Exploiting this vulnerability can allow an attacker to cause service failures or gain access to confidential data using a specially created GIF image...
UBUNTU-CVE-2017-7598
tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image...