Lucene search
K

704 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 7:47 p.m.5 views

CVE-2026-46601

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

5.8AI score0.00339EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 6:8 p.m.28 views

CVE-2026-53946 Ghost: Mobiledoc image-size fetch SSRF

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...

5.4CVSS0.00122EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the ecamencodercompressh264 function relied on server-controlled dimensions and did not validate the source buffer size, resulting in a out-of-bounds read in swsscale. This vulnerability has been fixed in...

9.1CVSS5.5AI score0.00489EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in GraphicsMagick

The ReadJXLImage function in the JXL library within GraphicsMagick before version 1.3.46 has no image dimension resource limits...

7.5CVSS6.1AI score0.00413EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 12:0 a.m.12 views

CVE-2026-52673

CVE-2026-52673 affects Cboard

6.5CVSS6.4AI score0.00437EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:0 a.m.36 views

CVE-2026-52673

SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component...

0.00437EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 11:16 p.m.10 views

CVE-2026-53923

vLLM is an inference and serving engine for large language models LLMs. From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via...

7.5CVSS0.00281EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 9:55 p.m.16 views

CVE-2026-53923

Summary of CVE-2026-53923 : The vulnerability affects vLLM (GGUF dequantize kernels) where integer truncation of tensor dimensions causes partially filled output tensors. From 0.5.5 up to 0.23.1rc0, the code allocates the full output tensor (torch::empty) but the CUDA kernel processes only a trun...

7.5CVSS5.8AI score0.00281EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 3:12 a.m.7 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.12 views

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3373 (ALAS-2026-3373)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3373 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions...

7.5CVSS6.1AI score0.00346EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/06/19 8:12 p.m.5 views

CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/19 8:12 p.m.6 views

CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS5.9AI score0.00227EPSS
Exploits1
OSV
OSV
added 2026/06/18 1:7 p.m.8 views

GHSA-2R2C-CX56-8933 JLine3 Telnet server: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry

Summary The JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS Negotiate About Window Size option. An unauthenticated remote attacker can send a NAWS subnegotiation advertising a 65535×65535 terminal and repeatedly alternate...

7.5CVSS5.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/17 7:13 a.m.8 views

CVE-2026-49218

A flaw was found in ImageMagick. A missing check in the DCM Digital Imaging and Communications in Medicine decoder allows a remote attacker to provide a specially crafted image with invalid dimensions. This can lead to crashes in other operations, resulting in a denial of service DoS for the...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References4
OSV
OSV
added 2026/06/10 11:16 p.m.5 views

DEBIAN-CVE-2026-49218

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operation. This issue has been patched...

7.5CVSS5.3AI score0.00346EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 11:16 p.m.13 views

CVE-2026-49218

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operation. This issue has been patched...

7.5CVSS0.00346EPSS
Exploits0References5
OSV
OSV
added 2026/06/10 11:16 p.m.7 views

UBUNTU-CVE-2026-49218

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operation. This issue has been patched...

7.5CVSS5.2AI score0.00346EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/10 11:12 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Rows per page
Query Builder