Lucene search
K

453 matches found

OSV
OSV
added 2026/07/02 8:45 p.m.4 views

GHSA-5PMV-RX8R-WMV5 jxl-grid on 32-bit platforms has an out-of-bounds writes due to integer overflow

Summary On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use Address Sanitizer, which ignores...

7.3CVSS6.3AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.6 views

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

8.7CVSS7.1AI score0.00671EPSS
Exploits0References8
OSV
OSV
added 2026/06/26 9:16 p.m.4 views

DEBIAN-CVE-2026-46604

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 9:22 p.m.55 views

CVE-2026-46523

CVE-2026-46523 is a use-after-free in ImageMagick’s MSL image handling. A crafted MSL image can trigger a heap-use-after-free, affecting versions prior to 7.1.2.23 and 6.9.13-48. The issue is fixed in 7.1.2.23 and 6.9.13-48. If you rely on ImageMagick, upgrade to one of the fixed releases to reme...

7.5CVSS5.4AI score0.00301EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/06/09 10:23 a.m.9 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload through the image decoding process. An attacker can cause the server process to crash by uploading a specially crafted TIFF file that triggers excessive memory allocation. Remediation Upgrade...

7.1CVSS5.4AI score0.00479EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.97 views

Amazon Linux 2023 : heif-pixbuf-loader, libheif, libheif-devel (ALAS2023-2026-1814)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1814 advisory. libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap- buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to...

8.8CVSS6AI score0.00514EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.12 views

PT-2026-49255

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS5.4AI score
Exploits0References3
Cvelist
Cvelist
added 2026/05/29 6:36 p.m.37 views

CVE-2026-42500 Panic when reading out of bound palette index in golang.org/x/image/bmp

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...

0.00384EPSS
Exploits0References4
RustSec
RustSec
added 2026/05/29 12:0 p.m.16 views

Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms

On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. This could allow arbitrary code execution. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use...

6.2AI score
Exploits0Affected Software1
NVD
NVD
added 2026/05/27 3:16 p.m.11 views

CVE-2025-70103

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc...

7.3CVSS0.00367EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 12:0 a.m.41 views

CVE-2025-70103

CVE-2025-70103 is a heap buffer overflow in libjxl 0.12.0 triggered by crafted PBM images, targeting the jxl::extras::DecodeImagePNM function in lib/extras/dec/pnm.cc . The CVSSv3.1 base score is 7.3 (HIGH) with a NETWORK attack vector, requiring no privileges and only user interaction, and impac...

7.3CVSS6AI score0.00367EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: spice (UTSA-2026-016604)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016604 advisory. Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE clie...

6.6CVSS7.2AI score0.02656EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.57 views

Linux Distros Unpatched Vulnerability : CVE-2026-32741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decodemaskimage. When...

7.1CVSS6AI score0.00343EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.18 views

SUSE CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

7.8CVSS5.8AI score0.00514EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.15 views

SUSE CVE-2026-32741

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decodemaskimage. When decoding a HEIF file containing a mask image mski, the function copies the full iloc extent data into a pixel buffer using memcpydst,...

6.1CVSS5.9AI score0.00343EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.16 views

SUSE CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

5.5CVSS5.7AI score0.00303EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in libpng1.6

A issue has been identified in third-party PNM decoding related to libpng 1.6.35. It is a stack-based buffer overflow in the gettoken function located in the pnm2png.c file within pnm2png...

8.8CVSS6.9AI score0.03554EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/19 11:9 p.m.14 views

CVE-2026-32741

A flaw was found in libheif, a library for decoding and encoding HEIF High Efficiency Image File Format and AVIF files. A remote attacker could exploit a heap buffer overflow vulnerability in the MaskImageCodec::decodemaskimage function by providing a specially crafted HEIF file containing a mask...

7.1CVSS6AI score0.00343EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/19 9:51 p.m.9 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the image decoding process when handling grid tile chroma compositing. An attacker can execute arbitrary code or cause a denial of service by crafting a specially designed HEIF/AVIF file with a 1×4 grid of...

8.8CVSS6.2AI score0.00514EPSS
Exploits1References2
OSV
OSV
added 2026/05/19 9:16 p.m.10 views

DEBIAN-CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

6.5CVSS5.7AI score0.00303EPSS
Exploits0References1
Rows per page
Query Builder