Lucene search
+L

65 matches found

redhat
redhat
added 2026/06/29 10:3 a.m.8 views

ImageMagick: ImageMagick: Denial of Service via crafted MIFF file

A flaw was found in ImageMagick. A remote attacker could provide a specially crafted MIFF Magick Image File Format file, which, due to a missing check in the MIFF decoder, would lead to an infinite loop. This vulnerability results in CPU exhaustion, causing a Denial of Service DoS for the affecte...

7.5CVSS5.8AI score0.01849EPSS
Exploits4References5
redhat
redhat
added 2026/06/29 10:3 a.m.7 views

ImageMagick: ImageMagick: Denial of Service due to resource policy bypass in PSD decoder

A flaw was found in ImageMagick. A missing check in the PSD Photoshop Document decoder allows an attacker to bypass the list-length resource policy when processing a specially crafted PSD image. This could lead to a denial of service DoS condition by consuming excessive resources...

7.5CVSS5.7AI score0.00495EPSS
Exploits0References5
osv
osv
added 2026/06/15 8:16 p.m.7 views

UBUNTU-CVE-2026-53705

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

7.6CVSS6.4AI score0.0031EPSS
Exploits0References6
snyk
snyk
added 2026/06/10 11:12 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
euvd
euvd
added 2026/06/10 9:30 p.m.11 views

EUVD-2026-36162

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the iss...

7.5CVSS5.4AI score0.01849EPSS
Exploits4References1
nessus
nessus
added 2026/06/03 12:0 a.m.13 views

TencentOS Server 4: libexif (TSSA-2026:0328)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0328 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.8CVSS5.8AI score0.00193EPSS
Exploits1References2
nessus
nessus
added 2026/06/02 12:0 a.m.76 views

Ubuntu 24.04 LTS : FFmpeg vulnerability (USN-8329-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8329-1 advisory. It was discovered that the FFmpeg CAF decoder incorrectly handled certain file size calculations. An attacker could possibly use this issue to cause FFmpeg to...

6.2CVSS5.8AI score0.00238EPSS
Exploits0References2
snyk
snyk
added 2026/05/18 8:33 p.m.12 views

Uncontrolled Recursion

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References3
github
github
added 2026/05/18 5:53 p.m.16 views

ImageMagick: Policy Bypass in PSD decoder

Due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would still apply...

7.5CVSS5.8AI score0.00495EPSS
Exploits0References3Affected Software18
redhat
redhat
added 2026/05/11 4:22 p.m.13 views

freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks

An out of bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. An attacker may be able to leverage this weakness to leak global data...

9.4CVSS5.7AI score0.00263EPSS
Exploits1References6
osv
osv
added 2026/04/25 5:50 a.m.7 views

OESA-2026-2087 musl security update

musl is an implementation of the C standard library built on top of the Linux system call API, including interfaces defined in the base language standard, POSIX, and widely agreed-upon extensions. It is lightweight, fast, simple, free, and strives to be correct in the sense of standards conforman...

8.1CVSS5.2AI score0.00227EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/04/21 1:22 a.m.7 views

CVE-2026-29645

NEMU OpenXiangShan/NEMU before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector RVV decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted an...

7.5CVSS5.9AI score0.00543EPSS
Exploits0References1
euvd
euvd
added 2026/04/20 9:31 p.m.6 views

EUVD-2026-23937

NEMU OpenXiangShan/NEMU before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector RVV decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted an...

5.9AI score0.00543EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/04/20 12:0 a.m.9 views

PT-2026-33826

NEMU OpenXiangShan/NEMU before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector RVV decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted an...

7.5CVSS5.9AI score0.00543EPSS
Exploits0References8
cve
cve
added 2026/04/20 12:0 a.m.10 views

CVE-2026-29645

CVE-2026-29645 (NEMU/OpenXiangShan/NEMU) : The RVV decoder in NEMU before v2025.12.r2 has an improper instruction-validation flaw: it does not properly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl. As a result, certain invalid OP-V instruction encodings can be misinterpreted an...

7.5CVSS5.9AI score0.00543EPSS
Exploits0References4Affected Software1
cnnvd
cnnvd
added 2026/04/16 12:0 a.m.9 views

openCryptoki 安全漏洞

openCryptoki is an open-source library and tool for Linux that utilizes the PKCS11 standard. Versions of openCryptoki 3.26.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the BER/DER decoding functions in the shared public libraries, which trust the BER length fiel...

6.8CVSS5.9AI score0.0016EPSS
Exploits1References2
nessus
nessus
added 2026/03/24 12:0 a.m.4 views

RHEL 7 : ImageMagick (RHSA-2026:5573)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5573 advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fixes...

8.6CVSS5.8AI score0.00671EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/02/20 12:0 a.m.10 views

PJSIP 安全漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Versions of PJSIP 2.16 and earlier contained security vulnerabilities, which stemmed from a heap buffer...

9.3CVSS6.5AI score0.0029EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/01/27 8:59 a.m.5 views

CVE-2026-24823

Out-of-bounds Write, Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in FASTSHIFT X-TRACK Software/X-Track/USER/App/Utils/lvimgpng/PNGdec/src modules. This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7...

10CVSS5.9AI score0.00346EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/11/21 12:0 a.m.15 views

PT-2025-47807

Name of the Vulnerable Software and Affected Versions ESF-IDF versions 5.3.4 through 5.5.1 Description ESF-IDF, the Espressif Internet of Things IOT Development Framework, contains a flaw in its hardware JPEG decoder when used with the ESP32-P4. The software parser does not perform adequate...

6.9CVSS6.6AI score0.0032EPSS
Exploits0References8
Rows per page
Query Builder