57 matches found
CVE-2026-14454 Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...
JLSEC-2026-545
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...
PT-2026-47109
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...
CVE-2026-5755
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...
CVE-2026-33414
Summary: CVE-2026-33414 affects Podman
CVE-2020-37073
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...
CVE-2020-37073 Victor CMS 1.0 - Authenticated Arbitrary File Upload
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...
CVE-2020-37073
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...
PT-2026-5824
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file...
CVE-2020-36942
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser...
EUVD-2020-30860
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser...
EUVD-2006-0515
Malware in sbrugna...
EUVD-2018-13189
Malware in sbrugna...
EUVD-2018-13198
Malware in sbrugna...
EUVD-2018-13194
Malware in sbrugna...
EUVD-2022-7777
Malicious code in bioql PyPI...
PT-2025-1976 · WordPress · Connections Business Directory
Name of the Vulnerable Software and Affected Versions: Connections Business Directory plugin for WordPress versions up to, and including, 10.4.66 Description: The issue is related to insufficient file path validation when deleting a connections image directory, allowing authenticated attackers wi...
SUSE CVE-2005-1043
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service memory consumption and crash via an EXIF header with a large IFD nesting level, which causes significant stack recursion...
SUSE CVE-2011-0708
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service application crash via an image with a crafted Image File Directory IFD that triggers a buffer over-read...
SUSE CVE-2021-29338
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service DoS. This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...