Lucene search
K

187 matches found

Nuclei
Nuclei
added yesterday49 views

WordPress Core 5.0.0 - Crop-image Shell Upload

WordPress through 5.0.3 allows Path Traversal in wpcropimage. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. i...

6.5CVSS7AI score0.91985EPSS
Exploits9References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: A NULL pointer dereferencing occurred in imgusubdevsetselection. Calling v4l2subdevgettrycrop and v4l2subdevgettrycompose with a subdev state of NULL leads to a NULL pointer dereferencing. This issue can occur in...

5.3AI score0.00206EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Tiff

LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in TIFFmemset in libtiff/tifunix.c:340, when called from the process ProcessCropSelections, tools/tiffcrop.c:7619. This vulnerability allows attackers to cause a denial-of-service attack through a crafted TIFF file. For users who compile...

6.5CVSS6.8AI score0.00938EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in imagemagick

In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior, including integer overflow and out-of-range values, as reported by UndefinedBehaviorSanitizer. Such issues could negatively...

4.3CVSS6.6AI score0.01072EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose-height boundary issue Syzkaller identified a bug: BUG: Unable to handle page faults for address: ffffc9000a3b1000 PF: Supervisor write access in kernel mode PF: Errorcode0x0002 – Not-present page PGD...

5.5CVSS6.1AI score0.00209EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 12:0 a.m.15 views

CVE-2026-36796

CVE-2026-36796 affects Shenzhen Tenda Technology Co., Ltd Tenda G0 firmware v15.11.0.5. The issue is a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function, enabling a remote attacker to trigger Denial of Service via a crafted HTTP request. CVSS v3.1 metrics indicat...

7.5CVSS5.6AI score0.00397EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/22 4:36 p.m.106 views

Exploit for Unrestricted Upload of File with Dangerous Type in Wordpress

WordPress Crop Image RCE — CVE-2019-8942 / CVE-2019-8943 Pyth...

8.8CVSS5.9AI score0.91985EPSS
Exploits10
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in TIF format

The processCropSelections function in the tools/tiffcrop.c file of LibTIFF, as of version 4.5.0, has a heap-based buffer overflow vulnerability. This vulnerability occurs due to a crafted TIFF image being written with a size of 307203 bytes...

5.5CVSS6.8AI score0.00461EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds...

7.1CVSS5.9AI score0.00256EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/04/15 1:41 p.m.4 views

SUSE CVE-2026-33019

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INTMAX are accepted without overflow-safe bounds...

7.1CVSS5.9AI score0.00256EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/15 5:55 a.m.4 views

CVE-2026-33019

A flaw was found in libsixel. An attacker can trigger an integer overflow in the image processing component, img2sixel, by supplying a specially crafted crop argument. This vulnerability leads to an out-of-bounds memory read, which can cause the application to crash, resulting in a Denial of...

7.1CVSS6AI score0.00256EPSS
Exploits1References5
NVD
NVD
added 2026/04/14 10:16 p.m.9 views

CVE-2026-33019

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INTMAX are accepted without overflow-safe bounds...

7.1CVSS0.00256EPSS
Exploits1References2
OSV
OSV
added 2026/04/14 10:16 p.m.3 views

DEBIAN-CVE-2026-33019

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INTMAX are accepted without overflow-safe bounds...

7.1CVSS5.5AI score0.00256EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/14 10:16 p.m.13 views

CVE-2026-33019

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INTMAX are accepted without overflow-safe bounds...

7.1CVSS5.9AI score0.00256EPSS
Exploits1References3
OSV
OSV
added 2026/04/14 10:16 p.m.4 views

UBUNTU-CVE-2026-33019

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INTMAX are accepted without overflow-safe bounds...

7.1CVSS5.9AI score0.00256EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/14 9:49 p.m.4 views

EUVD-2026-22742

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INTMAX are accepted without overflow-safe bounds...

7.1CVSS5.9AI score0.00256EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/14 9:49 p.m.3 views

CVE-2026-33019 libsixel: Integer overflow leads to Out-of-bounds Read in img2sixel

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INTMAX are accepted without overflow-safe bounds...

7.1CVSS5.9AI score0.00256EPSS
Exploits1References2
CVE
CVE
added 2026/04/14 9:49 p.m.12 views

CVE-2026-33019

Summary: The issue affects libsixel versions up to 1.8.7 and prior, where the --crop handling in img2sixel can overflow when coordinates are large. In sixel_encoder_do_clip(), clip_w + clip_x overflows for clip_x = INT_MAX, bypassing bounds checks and allowing an unclamped coordinate to reach six...

7.1CVSS5.9AI score0.00256EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/14 9:49 p.m.21 views

CVE-2026-33019 libsixel: Integer overflow leads to Out-of-bounds Read in img2sixel

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INTMAX are accepted without overflow-safe bounds...

7.1CVSS0.00256EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:49 p.m.2 views

CVE-2026-33019

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INTMAX are accepted without overflow-safe bounds...

7.1CVSS5.9AI score0.00256EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder