16 matches found
DEBIAN-CVE-2026-6384
A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsImage function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution...
GIMP Security Vulnerability
GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability, which stems from a buffer overflow in the GIF image loading component called the ReadJeffsImage function. This vulnerability could lead to denial of service or the execution of arbitrary code...
CVE-2026-33018
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load_gif function in fromgif.c, where a single sixel_frame_t object is reused across all frames of an animated GIF and gif_init_frame unconditionally...
Double Free
Overview: Affected versions of this package are vulnerable to Double Free via the stbi__load_gif_main function. An attacker can cause memory corruption or execute arbitrary code by providing a specially crafted multi-frame GIF file that triggers a double free condition. Remediation: There is no fixed...
CVE-2026-5186
A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made available to the public and...
EUVD-2019-7884
Malware in sbrugna...
CVE-2024-44080
In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format...
OESA-2023-1866 stb security update
Single-file public domain libraries for C/C++. Security Fixes: stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbi__gif_load_next. This happens because two_back points to a memory address lower than the start of the...
stb Resource Management Error Vulnerability
stb is a single-file public domain library for C/C++. A security vulnerability exists in stb version v.2.28, which originates from a vulnerability that allows remote attackers to cause a denial of service via a crafted file to the stbi__load_gif_main function...
SUSE CVE-2023-45667
stb_image is a single file MIT licensed library for processing images. If stbi__load_gif_main in stbi_load_gif_from_memory fails it returns a null pointer and may keep the z variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls stbi__vertical_flip_slices with th...
Double Free
Overview: Affected versions of this package are vulnerable to Double Free in the stbi__load_gif_main_outofmem function. An attacker can potentially exploit a double-free condition by using a specially crafted image file. This is only exploitable in a multi-threaded environment and, in the worst case, m...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference when the stbi__load_gif_main in stbi_load_gif_from_memory fails, it returns a null pointer and may leave the z variable uninitialized. If the caller also sets the flip vertically flag, it continues and calls...
DEBIAN-CVE-2023-45664
stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger stbi__load_gif_main_outofmem attempt to double-free the out variable. This happens in stbi__load_gif_main because when the layers * stride value is zero the behavior is implementation defined, but common...
PT-2023-9363 · Stb Image +3
Name of the Vulnerable Software and Affected Versions: stb image affected versions not specified Description: The issue is related to the stbi load gif main function in the stb image library, which may lead to a memory leak or double-free if the caller chooses to free the delays memory only when...
SUSE CVE-2019-17534
vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free...
Libvips Reuse After Release Vulnerability
libvips is a demand-driven multithreaded image processing library. A post-release reuse vulnerability exists in versions of libvips prior to 8.8.2, which stems from vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips attempting to access the color image prior to the DGifGetImageDesc call,...