6117 matches found

Packet Storm News
added 2025/04/28 12:0 a.m., 7 views

GenPTW: In-Generation Image Watermarking for Provenance Tracing and Tamper Localization

The rapid development of generative image models has brought tremendous opportunities to AI-generated content (AIGC) creation, while also introducing critical challenges in ensuring content authenticity and copyright ownership. Existing image watermarking methods, though partially effective, often...

7 AI score
Exploits: 0
BDU FSTEC
added 2025/04/24 12:0 a.m., 1 views

The vulnerability of the NCompress::NRar3::CDecoder::Code method in p7zip and 7-Zip archivers allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the NCompress::NRar3::CDecoder::Code method in p7zip and 7-Zip archivers is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure or execute arbitrary code through the...

7.8 CVSS, 8 AI score, 0.04295 EPSS
Exploits: 1, References: 7, Affected Software: 4
AlpineLinux
added 2025/04/21 12:15 a.m., 1 views

CVE-2025-43964

In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values...

9.8 CVSS, 7.3 AI score, 0.00085 EPSS
Exploits: 0, References: 4
AlpineLinux
added 2025/04/21 12:15 a.m., 3 views

CVE-2025-43967

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item...

7.5 CVSS, 7.3 AI score, 0.001 EPSS
Exploits: 1, References: 3
OSV
added 2025/04/21 12:15 a.m., 0 views

UBUNTU-CVE-2025-43967

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item...

7.5 CVSS, 5.8 AI score, 0.001 EPSS
Exploits: 1, References: 3
OSV
added 2025/04/18 1:49 p.m., 1 views

OESA-2025-1431 xz security update

XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils. Security Fixes: XZ Utils provide a general-purpose data-compression library...

8.7 CVSS, 6.9 AI score, 0.00041 EPSS
Exploits: 0, References: 2
OSV
added 2025/04/18 1:49 p.m., 1 views

OESA-2025-1430 xz security update

XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils. Security Fixes: XZ Utils provide a general-purpose data-compression library...

8.7 CVSS, 6.9 AI score, 0.00041 EPSS
Exploits: 0, References: 2
BDU FSTEC
added 2025/04/17 12:0 a.m., 1 views

The vulnerability of the SMS decoder in the oFono mobile phone stack allows a hacker to execute arbitrary code.

The vulnerability of the SMS decoder in the oFono mobile phone stack is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a hacker to execute arbitrary code...

7 CVSS, 7.8 AI score, 0.00182 EPSS
Exploits: 0, References: 6, Affected Software: 2
Packet Storm News
added 2025/04/16 12:0 a.m., 2 views

PCDiff: Proactive Control for Ownership Protection in Diffusion Models with Watermark Compatibility

With the growing demand for protecting the intellectual property (IP) of text-to-image diffusion models, we propose PCDiff -- a proactive access control framework that redefines model authorization by regulating generation quality. At its core, PCDIFF integrates a trainable fuser module and...

7 AI score
Exploits: 0
Amazon
added 2025/04/16 12:0 a.m., 4 views

Medium: thunderbird

Issue Overview: There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds i...

9.8 CVSS, 7.2 AI score, 0.1436 EPSS
Exploits: 1
BDU FSTEC
added 2025/04/14 12:0 a.m., 1 views

The vulnerability in the command-line PDF conversion tool QPDF is a use of memory after it has been freed, which allows a malicious actor to execute arbitrary code.

The vulnerability of the command-line PDF conversion tool QPDF relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code by processing the Pl_ASCII85Decoder::write parameter...

5.3 CVSS, 6 AI score, 0.00322 EPSS
Exploits: 1, References: 10, Affected Software: 6
Microsoft CVE
added 2025/04/11 7:0 a.m., 2 views

XZ has a heap-use-after-free bug in threaded .xz decoder

...

8.7 CVSS, 7.8 AI score, 0.00041 EPSS
Exploits: 0
Mageia
added 2025/04/10 12:22 a.m., 24 views

Updated xz packages fix security vulnerability

XZ has a heap-use-after-free bug in threaded .xz decoder. CVE-2025-31115...

8.7 CVSS, 6.9 AI score, 0.00041 EPSS
Exploits: 0, References: 2
SUSE CVE
added 2025/04/04 2:57 a.m., 1 views

SUSE CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.2 CVSS, 7 AI score, 0.00041 EPSS
Exploits: 0, References: 8
RedhatCVE
added 2025/04/03 7:7 p.m., 15 views

CVE-2025-31115

A flaw was found in the XZ Utils library. In affected versions, the multithreaded .xz decoder in liblzma has a bug where invalid input can trigger a heap use-after-free condition, allowing writes to an address based on the null pointer plus an offset. This issue may result in a crash or other...

7.5 CVSS, 7.1 AI score, 0.00041 EPSS
Exploits: 0, References: 6
OSV
added 2025/04/03 5:36 p.m., 1 views

USN-7414-1 xz-utils vulnerability

Harri K. Koskinen discovered that XZ Utils incorrectly handled the threaded xz decoder. If a user or automated system were tricked into processing an xz file, a remote attacker could use this issue to cause XZ Utils to crash, resulting in a denial of service, or possibly execute arbitrary code...

8.7 CVSS, 7.3 AI score, 0.00041 EPSS
Exploits: 0, References: 2
OSV
added 2025/04/03 5:15 p.m., 4 views

AZL-59497 CVE-2025-31115 affecting package xz for versions less than 5.4.4-2

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7 CVSS, 7 AI score, 0.00041 EPSS
Exploits: 0, References: 1
NVD
added 2025/04/03 5:15 p.m., 6 views

CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7 CVSS, 0.00041 EPSS
Exploits: 0, References: 7
OSV
added 2025/04/03 5:15 p.m., 1 views

ALPINE-CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7 CVSS, 6.9 AI score, 0.00041 EPSS
Exploits: 0, References: 1
OSV
added 2025/04/03 5:15 p.m., 1 views

DEBIAN-CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7 CVSS, 7.5 AI score, 0.00041 EPSS
Exploits: 0, References: 1