Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Pillow [CVE-2026-40192]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Pillow, due to a failure to limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attack CVE-2026-40192. Pillow is used in our speech runtimes. Thi...

OESA-2026-2000 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

Security update for python-Pillow (important)

openSUSE security update: security update for python-pillow ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20617-1 Rating: important References: bsc1262184 Cross-References: CVE-2026-40192 CVSS scores: CVE-2026-40192 SUSE : 7.5...

SUSE-SU-2026:21382-1 Security update for python-Pillow

This update for python-Pillow fixes the following issue: - CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks bsc1262184...

CVE-2026-40192

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

CVE-2026-40192

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

CVE-2026-40192

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

EUVD-2026-23020

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel...

CVE-2026-40915

GIMP contains a vulnerability CVE-2026-40915 in the FITS image loader: a remote attacker can craft a FITS file to trigger an integer overflow, leading to a zero-byte allocation and a subsequent heap buffer overflow when processing pixel data. This could cause a denial of service or, potentially, ...

GIMP 安全漏洞

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability, which stems from integer overflow in the FITS image loader. This could lead to a heap buffer overflow when processing specially crafted FITS files, potentially causing denial-of-service attac...

Linux Distros Unpatched Vulnerability : CVE-2018-3847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed v...

SUSE CVE-2018-3846

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...

SUSE CVE-2018-3849

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...

OESA-2022-1533 cfitsio security update

Library for manipulating FITS data files. Security Fixes: In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and...

Multiple Buffer Overflow Vulnerabilities in CFITSIO

CFITSIO library is a C library for reading and writing data files in FITS Flexible Image Transfer System data format. Multiple buffer overflow vulnerabilities exist in the image parsing functionality in CFITSIO library version 3.42. An attacker can exploit this vulnerability by sending a speciall...

PT-2018-16241 · Nasa · Cfitsio

Name of the Vulnerable Software and Affected Versions: CFITSIO library version 3.42 Description: Multiple exploitable buffer overflow vulnerabilities exist in the image parsing functionality. Specially crafted images parsed via the library can cause a stack-based buffer overflow, overwriting...

NASA CFITSIO 'ffghtb' function heap buffer overflow vulnerability

NASA CFITSIO is a FITS file subroutine library for reading and writing data files in FITS Flexible Image Transfer System format. A heap buffer overflow vulnerability exists in the 'ffghtb' function in NASA CFITSIO version 3.42. An attacker could exploit this vulnerability by sending a FIT image t...

NASA CFITSIO 'ffgphd' and 'ffgtkn' function stack buffer overflow vulnerability

NASA CFITSIO is a FITS file subroutine library for reading and writing data files in FITS Flexible Image Transfer System format. A stack buffer overflow vulnerability exists in the 'ffgphd' and 'ffgtkn' functions in NASA CFITSIO version 3.42. An attacker could exploit this vulnerability by sendin...

DEBIAN-CVE-2018-3849

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...

UBUNTU-CVE-2018-3846

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...