Lucene search
K

175 matches found

EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42889

ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...

6.3CVSS6.1AI score0.00221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/01 11:1 p.m.5 views

CVE-2026-55594

A flaw was found in ImageMagick, free and open-source software for editing and manipulating digital images. A missing depth check in the MVG Magick Vector Graphics decoder can lead to a stack overflow when a remote attacker provides a specially crafted image. This vulnerability could result in a...

5.3CVSS5.8AI score0.00241EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 7:16 p.m.3 views

UBUNTU-CVE-2026-55594

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and...

5.3CVSS5.8AI score0.00241EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 6:50 p.m.54 views

CVE-2026-53467

ImageMagick’s CVE-2026-53467 affects the MNG decoder. Prior to 6.9.13-51 and 7.1.2-26, the decoder can disclose heap information because part of the pixels are left unchanged. Fixed in 6.9.13-51 and 7.1.2-26. Affected software: ImageMagick (Image editing/manipulation tool); component: MNG decoder...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 7:8 p.m.8 views

EUVD-2026-40379

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53951

Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description Improper validation in the XDF decoder allows an adjacent attacker to cause a denial of service. The application processes deeply nested Protocol Buffers messages and...

6.5CVSS6AI score0.00269EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 1:16 p.m.30 views

CVE-2026-56379

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering...

9.2CVSS0.00895EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/18 8:31 p.m.6 views

CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

8.3CVSS5.6AI score0.00263EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/18 8:31 p.m.27 views

CVE-2026-45696

CVE-2026-45696 affects OpenEXR 3.4.0–3.4.11, where the HTJ2K decoder’s ht_undo_impl() can perform a heap-buffer-overflow READ due to a width mismatch between the EXR codestream and the declared line width. The decoder copies 32-bit samples from cur_line->i32[] without validating the OpenJPH li...

8.3CVSS5.6AI score0.00263EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/15 7:15 p.m.7 views

CVE-2026-52722 Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS5.4AI score0.0031EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/10 11:12 p.m.14 views

Uncontrolled Recursion

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.8CVSS5.3AI score0.00107EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.9 views

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.8CVSS5.3AI score0.00107EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.11 views

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

6.8CVSS5.3AI score0.00107EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient validation in the DCM decoder. An attacker can cause the application to process images with invalid dimensions, potentially leading to application crashes or denia...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 9:22 p.m.35 views

CVE-2026-46523 ImageMagick: Use-After-Free in MSL decoder.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue...

6.2CVSS0.00301EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 9:22 p.m.55 views

CVE-2026-46523

CVE-2026-46523 is a use-after-free in ImageMagick’s MSL image handling. A crafted MSL image can trigger a heap-use-after-free, affecting versions prior to 7.1.2.23 and 6.9.13-48. The issue is fixed in 7.1.2.23 and 6.9.13-48. If you rely on ImageMagick, upgrade to one of the fixed releases to reme...

7.5CVSS5.4AI score0.00301EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/01 1:11 a.m.16 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

7.5CVSS7AI score0.0058EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-8796

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash...

8.1CVSS5.5AI score0.00399EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44992

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The TIFF decoder fails to impose a limit on the size of PackBits-compressed data. This allows a maliciously crafted image, even one with small pixel dimensions a...

9.1CVSS5.8AI score0.00487EPSS
Exploits0References99
Rows per page
Query Builder