Lucene search

19 matches found

RedhatCVE
added 2026/04/21 12:50 p.m., 2 views

CVE-2026-39396

A flaw was found in OpenBao. An attacker who controls or compromises the Open Container Initiative (OCI) registry can exploit a vulnerability in OpenBao's OCI plugin downloader. By serving a specially crafted container image, the attacker can cause the system to decompress an arbitrarily large file...

CVSS 6.5, AI score 5.7, EPSS 0.00054
Exploits: 1, References: 2

RedhatCVE
added 2025/12/20 12:12 a.m., 3 views

CVE-2025-66909

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

CVSS 7.5, AI score 7, EPSS 0.00338
Exploits: 1, References: 1

EUVD
added 2025/12/19 3:31 p.m., 2 views

EUVD-2025-204541

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

CVSS 7.5, AI score 6.5, EPSS 0.00338
Exploits: 1, References: 4

NVD
added 2025/12/19 3:15 p.m., 3 views

CVE-2025-66909

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

CVSS 7.5, EPSS 0.00338
Exploits: 1, References: 3

OSV
added 2025/12/19 3:15 p.m., 2 views

CVE-2025-66909

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

CVSS 7.5, AI score 6.9, EPSS 0.00338
Exploits: 1, References: 3

Vulnrichment
added 2025/12/19 12:00 a.m., 2 views

CVE-2025-66909

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

AI score 6.7, EPSS 0.00338
Exploits: 1, References: 3

CVE
added 2025/12/19 12:00 a.m., 5 views

CVE-2025-66909

Turms AI-Serving module prior to v0.10.0 is affected by an image decompression bomb DoS. The ExtendedOpenCVImage class uses OpenCV imread() without validating image dimensions or pixel count before decompression, allowing a crafted compressed image (e.g., PNG) to expand to gigabytes in memory, ca...

CVSS 7.5, AI score 6.7, EPSS 0.00338
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2025/12/19 12:00 a.m., 20 views

CVE-2025-66909

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

EPSS 0.00338
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-25624

Malware in sbrugna...

CVSS 7.8, AI score 6.5, EPSS 0.00082
Exploits: 0, References: 13

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-0031

Malware in sbrugna...

CVSS 5, AI score 6.9, EPSS 0.01034
Exploits: 0, References: 14

OSV
added 2025/01/09 4:15 a.m., 1 view

UBUNTU-CVE-2024-56827

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior...

CVSS 5.6, AI score 7.3, EPSS 0.00048
Exploits: 0, References: 4

OSV
added 2022/05/17 5:12 a.m., 24 views

GHSA-59W8-4WM2-4XW8 Django Image Field Vulnerable to Image Decompression Bombs

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...

CVSS 8.7, AI score 5.9, EPSS 0.01382
Exploits: 1, References: 16

Ubuntu
added 2021/04/20 5:08 p.m., 122 views

USN-4923-1: EDK II vulnerabilities

Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. (CVE-2021-28210) Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote...

CVSS 7.8, AI score 6.8, EPSS 0.00118
Exploits: 2

OSV
added 2021/04/20 5:08 p.m., 0 views

USN-4923-1 edk2 vulnerabilities

Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. (CVE-2021-28210) Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote...

CVSS 7.8, AI score 6.7, EPSS 0.00118
Exploits: 2, References: 3

OSV
added 2015/01/16 4:59 p.m., 1 view

DEBIAN-CVE-2014-9601

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed...

CVSS 5, AI score 6.6, EPSS 0.01034
Exploits: 0, References: 1

Exploit DB
added 2012/11/13 12:00 a.m., 27 views

IrfanView - '.RLE' Image Decompression Buffer Overflow

Application: IrfanView RLE Image Decompression Buffer Overflow Vulnerability Platform: Windows Version: The vulnerabilities are confirmed in version 4.33. Other versions may also be affected. Exploitation: Remote code execution Secunia Number: SA49856 PRL: 2012-32 Author: Francis Provencher Prot...

AI score 7.4
Exploits: 0

Exploit DB
added 2012/11/13 12:00 a.m., 33 views

IrfanView - '.TIF' Image Decompression Buffer Overflow

Application: IrfanView TIF Image Decompression Buffer Overflow Vulnerability Platform: Windows Version: The vulnerabilities are confirmed in version 4.33. Other versions may also be affected. Exploitation: Remote code execution Secunia Number: SA49856 PRL: 2012-31 Author: Francis Provencher Prot...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2009/08/01 12:00 a.m., 28 views

Fedora 10 : OpenEXR-1.6.1-8.fc10 (2009-8136)

Wed Jul 29 2009 Rex Dieter 1.6.1-8 - CVE-2009-1720 OpenEXR: Multiple integer overflows 513995 - CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression 514003 - Fri Jul 24 2009 Fedora Release Engineering - 1.6.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora12MassRebuild - Mon...

CVSS 7.5, AI score 5.3, EPSS 0.25346
Exploits: 1, References: 7

Tenable Nessus
added 2009/08/01 12:00 a.m., 28 views

Fedora 11 : OpenEXR-1.6.1-8.fc11 (2009-8132)

Wed Jul 29 2009 Rex Dieter 1.6.1-8 - CVE-2009-1720 OpenEXR: Multiple integer overflows 513995 - CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression 514003 - Fri Jul 24 2009 Fedora Release Engineering - 1.6.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora12MassRebuild Note...

CVSS 7.5, AI score 5.3, EPSS 0.25346
Exploits: 1, References: 6