CVE-2026-42443

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the XMP profile handling process. An attacker can cause a crash by providing a specially crafted image file that triggers the reading and printing of values from an invalid XMP profile. Remediation A fix was pushed int...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the ClonePixelCacheRepository function. An attacker can cause a crash of the application by supplying a specially crafted image file. Remediation A fix was pushed into the master branch but not yet published...

Expired Pointer Dereference

Overview Affected versions of this package are vulnerable to Expired Pointer Dereference in the MSL interpreter. An attacker can cause the application to crash by submitting an image file containing a malicious MSL element. Remediation A fix was pushed into the master branch but not yet published...

PT-2026-3759

Name of the Vulnerable Software and Affected Versions ImageMagick versions 14.10.1 and below ImageMagick version 7.x Description ImageMagick, a free and open-source software for editing and manipulating digital images, contains a NULL pointer dereference issue in the MSL Magick Scripting Language...

EUVD-2016-9531

Malware in sbrugna...

EUVD-2016-9534

Malware in sbrugna...

EUVD-2005-1109

Malware in sbrugna...

EUVD-2017-2981

Malware in sbrugna...

EUVD-2017-18082

Malware in sbrugna...

EUVD-2018-11546

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-1010065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfsdent.c:237. The compone...

Linux Distros Unpatched Vulnerability : CVE-2025-5683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from...

ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash

Summary Passing a geometry string containing only a colon ":" to montage -geometry leads GetGeometry to set width/height to 0. Later, ThumbnailImage divides by these zero dimensions, triggering a crash SIGFPE/abort, resulting in a denial of service. Details Root Cause 1. montage -geometry ":"...

Security advisory: Recently discovered issue in ICNS image format handling impacts Qt

When loading a specifically crafted ICNS format image file then it will trigger a crash. This has been assigned the CVE id CVE-2025-5683. Affected versions: All versions of Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1. Impact: If...

Linux Distros Unpatched Vulnerability : CVE-2014-8130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TIFFmalloc function in tifunix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service divide-by-zero err...

PT-2023-4823 · Libtiff +5 · Libtiff +5

Name of the Vulnerable Software and Affected Versions: LibTIFF affected versions not specified Description: The issue is related to a null pointer dereference in the tif dir.c file of the LibTIFF library. This may allow an attacker to cause a denial of service by passing a crafted TIFF image file...

SUSE CVE-2018-20189

In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping which is not available beyond 8-bits/sample, and therefore lacks indexes...

SUSE CVE-2021-3443

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened...

DEBIAN-CVE-2022-2520

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input...