47 matches found
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2026-34589 via openexr (>=3.4.11 <=3.4.4)
openexr PYPI version =3.4.11, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34589 Source advisory: SNYK:PYTHON-OPENEXR-15993179...
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +64 more potentially affected by CVE-2025-64183 via openexr (=3.4.11)
openexr PYPI version =3.4.11 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2026-34543 via openexr (>=3.4.11 <=3.4.4)
openexr PYPI version =3.4.11, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34543 Source advisory: OSV:GHSA-VC68-257W-M432...
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2026-34544 via openexr (>=3.4.11 <=3.4.4)
openexr PYPI version =3.4.11, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34544 Source advisory: OSV:GHSA-H762-RHV3-H25V...
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2026-26981 via openexr (>=3.4.11 <=3.4.4)
openexr PYPI version =3.4.11, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-26981 Source advisory: SNYK:PYTHON-OPENEXR-15338791...
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +64 more potentially affected by CVE-2025-12840 via openexr (=3.4.11)
openexr PYPI version =3.4.11 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +64 more potentially affected by CVE-2025-64182 via openexr (=3.4.11)
openexr PYPI version =3.4.11 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +64 more potentially affected by CVE-2025-64181 via openexr (=3.4.11)
openexr PYPI version =3.4.11 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...
CVE-2024-48514
php-heic-to-jpg = 1.0.5 is vulnerable to code injection, fixed in 1.0.6. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below...
MAL-2025-3198 Malicious code in sharp-heic (npm)
Source: ghsa-malware 6db9ffb0551887208262a5445e00bde6f964551601c407e01dfd493ef1b144e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sharp-heic (npm)
Source: ghsa-malware 6db9ffb0551887208262a5445e00bde6f964551601c407e01dfd493ef1b144e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Remote Code Execution
php-heic-to-jpg is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of HEIC image uploads, allowing an attacker to execute code on the remote server via the image file name...
Remote code execution in php-heic-to-jpg
php-heic-to-jpg 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg below 1.0.5...
GHSA-G8V9-C8M3-942V Remote code execution in php-heic-to-jpg
php-heic-to-jpg 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg below 1.0.5...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the file name. An attacker who can upload heic images is able to execute code on the remote server. Remediation: Upgrade maestroerror/php-heic-to-jpg to version 1.0.5 or higher. References: - GitHub Commit -...
PT-2024-33130 · Unknown · Php-Heic-To-Jpg
Name of the Vulnerable Software and Affected Versions: php-heic-to-jpg versions 1.0.5 and below Description: The issue allows an attacker who can upload heic images to execute code on the remote server via the file name, resulting in a loss of confidentiality, integrity, and availability...