
40 matches found

Tenable Nessus
added 2026/05/28 12:0 a.m., 7 views

Fedora 44 : perl-Imager (2026-63ab4e8283)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-63ab4e8283 advisory. Imager 1.031 - GIF: fix a heap buffer overflow with attacker controlled data CVE-2026-8454 Imager 1.030 - addtag: store non-int numbers as strings - addtag:...

CVSS 5.3, AI score 6, EPSS 0.00196
Exploits: 0, References: 2
OSV
added 2026/05/14 8:17 p.m., 7 views

UBUNTU-CVE-2026-43907

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal in DPXColorConverter.cpp leads to a heap-based out-of-bounds write when...

CVSS 8.3, AI score 6.6, EPSS 0.0037
Exploits: 1, References: 3
Vulnrichment
added 2026/05/11 12:45 a.m., 4 views

CVE-2026-8258 Squirrel sqstdstring.cpp validate_format stack-based overflow

A flaw has been found in Squirrel up to 3.2. Impacted is the function validate_format in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

CVSS 5.3, AI score 6.2, EPSS 0.00123
Exploits: 0, References: 5
AstraLinux
added 2026/05/03 11:59 p.m., 1 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoided format-overflow warnings With GCC and the W=1 option, there is a warning like this: fs/f2fs/compress.c: In the function ‘f2fs_init_page_array_cache’: fs/f2fs/compress.c:1984:47: Error: The ‘%u’ directive is writing 1 to...

CVSS 7.8, AI score 5.2, EPSS 0.00249
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 7 views

Astra Linux – Vulnerability in GhostScript

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow occurs when parsing the filename format string for the output filename, resulting in path truncation, as well as possible path traversal and code execution...

CVSS 7.8, AI score 7.4, EPSS 0.00387
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 1 views

Astra Linux – Vulnerability in gdk-pixbuf

GNOME GdkPixbuf also known as GDK-PixBuf prior to version 2.42.8 allowed a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated in the io-gif-animation.c file’s composite_frame function. This overflow was controllable and could be exploited for code executio...

CVSS 7.8, AI score 7.7, EPSS 0.00732
Exploits: 1, References: 2
EUVD
added 2026/04/15 9:30 p.m., 4 views

EUVD-2026-23096

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsImage function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution...

CVSS 7.3, AI score 6.2, EPSS 0.00252
Exploits: 0, References: 3
OSV
added 2026/04/13 3:58 p.m., 1 views

SUSE-SU-2026:1300-1 Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues: - CVE-2026-26284: heap overflow in pcd decoder leads to out of bounds read bsc1258765. - CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow bsc1259456...

CVSS 9.1, AI score 6, EPSS 0.00404
Exploits: 0, References: 5
Github Security Blog
added 2026/03/12 2:2 p.m., 6 views

ImageMagick has heap buffer overflow in YUV 4:2:2 decoder

A heap buffer overflow write vulnerability exists in ReadYUVImage coders/yuv.c when processing malicious YUV 4:2:2 NoInterlace images. The pixel-pair loop writes one pixel beyond the allocated row buffer. ================================================================= ==204642==ERROR:...

CVSS 9.8, AI score 6.1, EPSS 0.00461
Exploits: 0, References: 4, Affected Software: 19
Ubuntu
added 2026/03/04 5:42 p.m., 8 views

USN-8075-1: GIMP vulnerabilities

Michael Randrianantenaina discovered that calculating the linear size of a DDS file could overflow on 32-bit systems. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS...

CVSS 7.8, AI score 6.2, EPSS 0.06186
Exploits: 1
Mageia
added 2026/01/17 2:48 a.m., 8 views

Updated gimp packages fix security vulnerabilities

XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. CVE-2025-2760 FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. CVE-2025-2761 Multiple heap buffer overflows in tga parser. CVE-2025-48797 Multiple use after free in xcf parser. CVE-2025-48798 XWD File...

CVSS 7.8, AI score 8.1, EPSS 0.06186
Exploits: 1, References: 5
Tenable Nessus
added 2026/01/13 12:0 a.m., 3 views

MiracleLinux 9 : gimp-2.99.8-4.el9_5 (AXSA:2025-9834:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9834:01 advisory. gimp: dds buffer overflow RCE CVE-2023-44441 gimp: PSD buffer overflow RCE CVE-2023-44442 gimp: psp integer overflow RCE CVE-2023-44443 gimp: psp...

CVSS 7.8, AI score 7.7, EPSS 0.93007
Exploits: 0, References: 5
Tenable Nessus
added 2025/11/05 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989693)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989693 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this:...

CVSS 7.8, AI score 6, EPSS 0.00249
Exploits: 0, References: 4
Tenable Nessus
added 2025/11/05 12:0 a.m., 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989419)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989419 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this:...

CVSS 7.8, AI score 6, EPSS 0.00249
Exploits: 0, References: 4
OSV
added 2025/06/26 8:21 a.m., 2 views

SUSE-SU-2025:02119-1 Security update for clamav

This update for clamav fixes the following issues: ClamAV version 1.4.3: - CVE-2025-20260: PDF Scanning Buffer Overflow Vulnerability bsc1245054. - CVE-2025-20234: Vulnerability in Universal Disk Format UDF processing bsc1245055. Other bugfixes: - Fix a race condition between the mockup servers...

CVSS 9.8, AI score 5.8, EPSS 0.01535
Exploits: 0, References: 6
Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-52748

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function 'f2fs_init_page_array_cache':...

CVSS 7.8, AI score 6, EPSS 0.00249
Exploits: 0, References: 2
SUSE Linux
added 2024/11/07 10:11 a.m., 3 views

Security update for ghostscript

This update for ghostscript fixes the following issues: CVE-2024-46951: Fixed arbitrary code execution via unchecked "Implementation" pointer in "Pattern" color space bsc1232265. CVE-2024-46953: Fixed integer overflow when parsing the page format results in path truncation, path traversal, code...

CVSS 7.8, AI score 8.3, EPSS 0.00388
Exploits: 0, References: 16
SUSE Linux
added 2024/11/07 10:11 a.m., 1 views

Security update for ghostscript

This update for ghostscript fixes the following issues: CVE-2024-46951: Fixed arbitrary code execution via unchecked "Implementation" pointer in "Pattern" color space bsc1232265. CVE-2024-46953: Fixed integer overflow when parsing the page format results in path truncation, path traversal, code...

CVSS 7.8, AI score 7.6, EPSS 0.00388
Exploits: 0, References: 16
SUSE CVE
added 2024/06/04 12:25 p.m., 2 views

SUSE CVE-2023-52748

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function 'f2fs_init_page_array_cache': fs/f2fs/compress.c:1984:47: error: '%u' directive writing between 1 and 7 bytes...

CVSS 7.8, AI score 5.6, EPSS 0.00249
Exploits: 0, References: 3
OSV
added 2024/05/21 4:15 p.m., 2 views

DEBIAN-CVE-2023-52748

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function ‘f2fs_init_page_array_cache’: fs/f2fs/compress.c:1984:47: error: ‘%u’ directive writing between 1 and 7 bytes...

CVSS 7.8, AI score 5.4, EPSS 0.00249
Exploits: 0, References: 1