CVE-2019-25634

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-R...

CLSA-2026-1774351941 Fix CVE(s): CVE-2026-23952, CVE-2026-25970, CVE-2026-25988

SECURITY UPDATE: NULL pointer dereference in MSL parser - debian/patches/CVE-2026-23952.patch: add NULL check for image before DeleteImageProperty in comment and label tag handlers - CVE-2026-23952 SECURITY UPDATE: memory leak in MSL parser - debian/patches/CVE-2026-25988.patch: return stack inde...

CVE-2019-25634 Base64 Decoder 1.1.2 Local Buffer Overflow SEH Egghunter

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-R...

CVE-2019-25634

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-R...

CVE-2019-25634 Base64 Decoder 1.1.2 Local Buffer Overflow SEH Egghunter

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-R...

CVE-2019-25634

The vulnerability CVE-2019-25634 affects Base64 Decoder 1.1.2. It is a stack-based buffer overflow in the decoder that enables local code execution when an SEH chain is overwritten via crafted input. An egghunter payload can locate and execute shellcode after overflowing a buffer and placing a PO...

Important: Red Hat Security Advisory: ImageMagick security update

An update for ImageMagick is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

Base64 Decoder 缓冲区错误漏洞

Base64 Decoder is a 4Mhz open-source base64 decoder. Version 1.1.2 of Base64 Decoder contains a buffer error vulnerability. This vulnerability stems from a stack-based buffer overflow, which may allow local attackers to override the exception handling program and execute arbitrary code...

RHEL 7 : ImageMagick (RHSA-2026:5573)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5573 advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fixes...

cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads

Summary - The cbor2 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. - This vulnerability affects both the pure Python implementation and the C extension cbor2. The C extension correctly uses Python's C-API for...

CLSA-2026-1774262622 ImageMagick: Fix of CVE-2026-25983

CVE-2026-25983: fix use-after-free in MSL decoder repage/roll handlers...

CLSA-2026-1774262094 ImageMagick: Fix of CVE-2026-25983

CVE-2026-25983: fix use-after-free in MSL decoder repage/roll handlers...

OPENSUSE-SU-2026:20410-1 Security update for exiv2

This update for exiv2 fixes the following issues: Update to exiv2 0.28.8: - CVE-2024-24826: out-of-bounds read in QuickTimeVideo: NikonTagsDecoder bsc1219870. - CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo: multipleEntriesDecoder bsc1219871. - CVE-2024-39695:...

[SECURITY] Fedora 42 Update: python-ujson-5.12.0-1.fc42

UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python...

OESA-2026-1696 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1695 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1694 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues: CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference bsc1259455. CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write bsc1259467. Patch...

SUSE-SU-2026:0938-1 Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues: - CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference bsc1259455. - CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write bsc1259467...

Denial Of Service (DoS)

github.com/VictoriaMetrics/VictoriaMetrics is vulnerable to Denial of Service DoS. The vulnerability is due to the snappy decoder ignoring request size limits, which allows an attacker to send malformed compressed blocks that trigger excessive memory usage and cause service disruption...