9 matches found
CVE-2026-40917
CVE-2026-40917 is reported in GIMP as a heap over-read in the ICNS image loader via icns_slurp() when processing crafted ICNS files. Affected software is GIMP; the vulnerability may cause application crashes or information disclosure. The connected documents corroborate the issue across multiple ...
Important: gimp security update
The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP:...
OESA-2025-2493 qt5-qtimageformats security update
The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats. Security Fixes: When...
Linux Distros Unpatched Vulnerability : CVE-2025-5683
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from...
Memory corruption with bitmap format images with negative height — Mozilla
Security researcher Frédéric Hoguin reported two related issues with the decoding of bitmap .BMP format images embedded in icon .ICO format files. When processing a negative "height" header value for the bitmap image, a memory corruption can be induced, allowing an attacker to write random memory...
VulnCheck KEV: CVE-2004-1049
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."...
SuSE9 Security Update : gdk-pixbuf (YOU Patch Number 9368)
Three security vulnerabilities have been found in the loader for XPM images of the GTK library. These issues are: - Potential heap overflow in pixbuf_create_from_xpm. CVE-2004-0782 - Potential stack overflow in xpm_extract_color. CVE-2004-0783 - Potential integer overflow in the ICO icon format loade...
CVE-2004-1049
CVE-2004-1049 affects Microsoft Windows LoadImage API (cursor/icon handling). The vulnerability arises from an integer overflow when processing certain image resources (e.g., .ani, .ico, .cur, .bmp), which can lead to heap memory corruption and remote code execution if a user opens a crafted file...
CVE-2004-1049
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."...