3267 matches found

OSV
added 4 days ago | 3 views

GHSA-8JR5-V98P-W75M vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Summary Issue 1: EXIF orientation not normalized → The image orientation processed by the model differs from how humans view it, introducing interpretation bias. Issue 2: PNG tRNS not explicitly flattened before converting to RGB → After conversion, transparent/semi-transparent pixels are rendere...

4.8 CVSS | 5.3 AI score | 0.00239 EPSS
Exploits 0 | References 7
GitHub Security Blog
added 4 days ago | 10 views

vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Summary Issue 1: EXIF orientation not normalized → The image orientation processed by the model differs from how humans view it, introducing interpretation bias. Issue 2: PNG tRNS not explicitly flattened before converting to RGB → After conversion, transparent/semi-transparent pixels are rendere...

4.8 CVSS | 5.2 AI score | 0.00239 EPSS
Exploits 0 | References 7 | Affected Software 1
OSV
added 2026/06/12 12:28 p.m. | 6 views

OESA-2026-2685 giflib security update

giflib is a library of gif images and provides utilities for processing images. Security Fixes: Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validati...

8.2 CVSS | 5.3 AI score | 0.00319 EPSS
Exploits 1 | References 2
NVD
added 2026/06/09 7:17 p.m. | 5 views

CVE-2026-30141

An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via a crafted GIF file...

9.8 CVSS | 0.00573 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/06/09 12:00 a.m. | 9 views

PT-2026-48164

An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via a crafted GIF file...

6.3 AI score | 0.00573 EPSS
Exploits 0 | References 1
CVE
added 2026/06/09 12:00 a.m. | 8 views

CVE-2026-30141

The CVE-2026-30141 entry concerns bitbank2 AnimatedGIF v2.2.0, where a vulnerability in DecodeLZW constitutes a buffer overflow. This allows remote attackers to cause a crash (DoS) or potentially execute arbitrary code via a crafted GIF file. The available documents specify the affected product a...

9.8 CVSS | 6.3 AI score | 0.00573 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/06/05 7:44 p.m. | 8 views

CVE-2026-8669

Imager versions through 1.030 for Perl allow a heap out-of-bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer (GifRow) sized for the GIF's global screen width (SWidth) and reuses it across every image in the file. The page-match...

6.5 CVSS | 5.7 AI score | 0.00321 EPSS
Exploits 0 | References 1
Fedora
added 2026/05/30 12:55 a.m. | 9 views

[SECURITY] Fedora 44 Update: giflib-6.1.3-2.fc44

giflib is a library for reading and writing gif images...

8.2 CVSS | 5.8 AI score | 0.00319 EPSS
Exploits 1
OSV
added 2026/05/29 4:03 p.m. | 8 views

RLSA-2026:19154 Important: giflib security update

giflib is a library for reading and writing gif images. Security Fixes: giflib: Giflib: Double-free vulnerability leading to memory corruption CVE-2026-23868 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to th...

7 CVSS | 7.1 AI score | 0.00112 EPSS
Exploits 0 | References 2
NVD
added 2026/05/27 7:16 p.m. | 13 views

CVE-2026-42879

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3 CVSS | 0.00229 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/05/27 6:29 p.m. | 8 views

CVE-2026-42879

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3 CVSS | 5.8 AI score | 0.00229 EPSS
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/05/27 6:29 p.m. | 10 views

CVE-2026-42879 FacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3 CVSS | 5.8 AI score | 0.00229 EPSS
Exploits 0 | References 1
CVE
added 2026/05/27 6:29 p.m. | 19 views

CVE-2026-42879

CVE-2026-42879 affects FacturaScripts

6.3 CVSS | 5.8 AI score | 0.00229 EPSS
Exploits 0 | References 1
SUSE CVE
added 2026/05/27 4:13 a.m. | 2 views

SUSE CVE-2023-45664

stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger stbi__load_gif_main_outofmem attempt to double-free the out variable. This happens in stbi__load_gif_main because when the layers * stride value is zero the behavior is implementation defined, but common...

8.8 CVSS | 7.2 AI score | 0.00867 EPSS
Exploits 0 | References 3
CNNVD
added 2026/05/27 12:00 a.m. | 7 views

FacturaScripts code issue vulnerability

FacturaScripts is an open-source ERP software developed by Carlos Garcia of Spain. Versions of FacturaScripts prior to 2025.81 contained code vulnerabilities. These vulnerabilities stemmed from the unlimited file upload feature in the product image upload function. Attackers could upload PHP file...

6.3 CVSS | 5.9 AI score | 0.00229 EPSS
Exploits 0 | References 2
Mageia
added 2026/05/26 1:55 a.m. | 15 views

Updated perl-Imager packages fix security vulnerabilities

Imager versions through 1.030 for Perl allow a heap out-of-bounds (OOB) write on crafted multi-frame GIF files. CVE-2026-8669...

6.5 CVSS | 5.8 AI score | 0.00321 EPSS
Exploits 0 | References 2
OSV
added 2026/05/26 1:55 a.m. | 7 views

MGASA-2026-0154 Updated perl-Imager packages fix security vulnerabilities

Imager versions through 1.030 for Perl allow a heap out-of-bounds (OOB) write on crafted multi-frame GIF files. CVE-2026-8669...

6.5 CVSS | 5.8 AI score | 0.00321 EPSS
Exploits 0 | References 3
GithubExploit
added 2026/05/23 5:45 p.m. | 79 views

Exploit for CVE-2026-4885

CVE-2026-4885 – Piotnet Addons for Elementor Pro Mass Exploit...

9.8 CVSS | 6.1 AI score | 0.00953 EPSS
Exploits 2
AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in htmldoc

A vulnerability was discovered in htmldoc version 1.9.15. This vulnerability occurs in the gif_get_code function, where an out-of-bounds stack read operation takes place. The vulnerability manifests itself when opening a malicious GIF file, potentially leading to a crash (segmentation fault)...

5.5 CVSS | 6 AI score | 0.00925 EPSS
Exploits 1 | References 1
AstraLinux
added 2026/05/20 5:53 a.m. | 7 views

Astra Linux - vulnerability in giflib

The DGifDecompressLine function in dgif_lib.c within GIFLIB (possibly version 3.0.x), as later included in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because the index of the "Private->RunningCode - 2" array is not checked. This could lead to a denial of service or possibly other...

8.8 CVSS | 6.6 AI score | 0.02479 EPSS
Exploits 0 | References 2