442 matches found

CNNVD
added 2026/05/19 12:0 a.m., 8 views

libheif information disclosure vulnerability

LibHEIF is an open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contained an information leakage vulnerability. This vulnerability occurred when decoding grid images, where tile regions that failed to...

CVSS 6.5 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 2
OSV
added 2026/05/18 8:37 p.m., 2 views

GHSA-5R4X-W6P5-222Q ImageMagick: Use-After-Free in MSL decoder.

A crafted MSL image can trigger a heap-use-after-free...

CVSS 6.2 | AI score 5.8
Exploits: 0 | References: 2
Snyk
added 2026/05/18 8:37 p.m., 2 views

Infinite loop

Overview: Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET build that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

CVSS 8.7 | AI score 5.8
Exploits: 2 | References: 2
Snyk
added 2026/05/18 8:37 p.m., 4 views

Infinite loop

Overview: Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET build that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

CVSS 8.7 | AI score 5.8
Exploits: 2 | References: 2
IBM Security Bulletins
added 2026/05/05 9:42 a.m., 6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/image-v0.18.0 which is vulnerable to CVE-2026-33809

Summary: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/image-v0.18.0, which is vulnerable to CVE-2026-33809. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2026-33809 DESCRIPTION: A maliciously craft...

CVSS 5.3 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | Affected Software: 1
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in libpng1.6

An issue has been identified in third-party PNM decoding related to libpng 1.6.35. It is a stack-based buffer overflow in the gettoken function located in the pnm2png.c file within pnm2png...

CVSS 8.8 | AI score 7.1 | EPSS 0.01831
Exploits: 1 | References: 2
OSV
added 2026/04/30 12:35 p.m., 2 views

CLSA-2026-1777552532 Fix CVE(s): CVE-2025-64720, CVE-2025-65018

No-source-change rebuild against libpng = 1.6.37-2+tuxcare.els2 to pick up the libpng security fixes for: - CVE-2025-64720: png_image_read_composite OOB read on palette images with PNG_FLAG_OPTIMIZE_ALPHA libpng 1.6.51. - CVE-2025-65018: png_image_finish_read heap buffer overflow on 16-bit interlaced PNGs...

CVSS 7.1 | AI score 6.6 | EPSS 0.00079
Exploits: 5 | References: 1
Amazon
added 2026/04/30 12:0 a.m., 2 views

Important: openexr

Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signe...

CVSS 8.6 | AI score 5.4 | EPSS 0.00071
Exploits: 3
CNNVD
added 2026/04/18 12:0 a.m., 6 views

SAIL security vulnerability

SAIL is an open-source image decoding library developed by SAIL. SAIL has a security vulnerability, which stems from inconsistencies in pixel format parsing and byte swapping code within the XWD encoder/decoder. This vulnerability may lead to out-of-bounds memory access...

CVSS 9.8 | AI score 5.9 | EPSS 0.00061
Exploits: 0 | References: 2
Fedora
added 2026/04/13 9:7 p.m., 3 views

[SECURITY] Fedora 44 Update: libkdcraw-26.03.80-2.fc44

Libkdcraw is a C++ interface around LibRaw library used to decode RAW picture files. More information about LibRaw can be found at http://www.libraw.org...

CVSS 9.8 | AI score 5.8 | EPSS 0.00078
Exploits: 3
Fedora
added 2026/04/13 9:7 p.m., 2 views

[SECURITY] Fedora 44 Update: kf5-libkdcraw-23.08.5-7.fc44

Libkdcraw is a C++ interface around LibRaw library used to decode RAW picture files. More information about LibRaw can be found at http://www.libraw.org...

CVSS 9.8 | AI score 5.8 | EPSS 0.00078
Exploits: 3
Cvelist
added 2026/04/12 2:30 a.m., 36 views

CVE-2026-6111 FoundationAgents MetaGPT common.py decode_image server-side request forgery

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

CVSS 6.5 | EPSS 0.00015
Exploits: 1 | References: 6
EUVD
added 2026/04/09 3:35 p.m., 3 views

EUVD-2026-20922

A heap buffer overflow vulnerability exists during the decoding of PALETTE COLOR DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memor...

AI score 6.2 | EPSS 0.00067
Exploits: 0 | References: 4
OSV
added 2026/04/09 3:16 p.m., 2 views

DEBIAN-CVE-2026-5442

A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame...

CVSS 9.8 | AI score 5.6 | EPSS 0.00067
Exploits: 0 | References: 1
OSV
added 2026/04/09 3:16 p.m., 2 views

UBUNTU-CVE-2026-5442

A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame...

CVSS 9.8 | AI score 6 | EPSS 0.00067
Exploits: 0 | References: 5
CVE
added 2026/04/09 2:43 p.m., 6 views

CVE-2026-5443

CVE-2026-5443 describes a heap buffer overflow during decoding of PALETTE COLOR DICOM images. The pixel length validation uses 32-bit multiplication for width × height, and if these values overflow, the validation may wrongly succeed, allowing the decoder to read and write beyond allocated buffer...

CVSS 9.8 | AI score 6.2 | EPSS 0.00067
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2026/04/09 12:0 a.m., 4 views

Orthanc security vulnerability

Orthanc is a free open-source software developed by the Orthanc company. Orthanc has a security vulnerability, which stems from a heap buffer overflow in the DICOM image decoder. This vulnerability may lead to integer overflows and out-of-bounds memory accesses during image decoding...

CVSS 9.8 | AI score 6 | EPSS 0.00067
Exploits: 0 | References: 4
ATTACKERKB
added 2026/04/06 9:44 p.m., 3 views

CVE-2026-35444

SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cm_num. A crafted .xcf file with a small colormap and...

CVSS 7.1 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 2
Veracode
added 2026/04/04 5:36 a.m., 3 views

Information Disclosure

openexr is vulnerable to an information disclosure. The vulnerability is due to improper handling of heap memory during image decoding, which allows an attacker to craft a malicious EXR file that leaks sensitive memory data when processed...

CVSS 8.7 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 4 | Affected Software: 1
CERT
added 2026/04/02 12:0 a.m., 7 views

MuPDF by Artifex contains integer overflow vulnerability.

Overview: Artifex's MuPDF contains an integer overflow vulnerability, CVE-2026-3308, in versions up to and including 1.27.0. Using a specially crafted PDF, an attacker can trigger an integer overflow resulting in out-of-bounds heap writes. This heap corruption typically causes the application to...

CVSS 7.8 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 4