EUVD-2025-210287

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...

CVE-2026-4367

LibXpm vulnerability CVE-2026-4367: a local user can trigger an out-of-bounds read in xpmNextWord() while parsing XPM images, potentially crashing the process and causing DoS. Concrete details across connected docs show the flaw resides in libXpm, with impact limited to availability (I) and no co...

PT-2026-49754

Name of the Vulnerable Software and Affected Versions DNG SDK versions prior to 1.7.1 2536 Description A Heap-based Buffer Overflow occurs when a program writes more data to a heap-allocated memory block than it can hold, potentially corrupting adjacent memory. This issue could result in arbitrar...

PT-2026-49335

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...

SUSE CVE-2026-46522

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the iss...

CVE-2026-48734 ImageMagick: Stack Overflow in MVG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

EUVD-2026-36171

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...

Apache Answer 代码问题漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier had code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on the upload of dangerous types of files. Custom TIFF images might trigger...

CVE-2026-8454

Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The...

CVE-2026-5755

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

7-Zip 缓冲区错误漏洞

7-Zip is an open-source compression software developed by 7-Zip. Versions 9.34 to 26.00 of 7-Zip contain a buffer error vulnerability. This vulnerability stems from improper handling of WIM archive processors’ security descriptor lookups, leading to out-of-bounds read attacks, which may result in...

Fedora 44 : mingw-objfw (2026-59c21cd48b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-59c21cd48b advisory. Update to 1.5.4. Fixes a buffer overflow caused by integer promotion rules in OFBMPImageFormatHandler and OFQOIImageFormatHandler. ---- Update to 1.5.3 Tenab...

Fedora 43 : objfw (2026-dd875b58bb)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dd875b58bb advisory. Update to 1.5.4. Fixes a buffer overflow caused by integer promotion rules in OFBMPImageFormatHandler and OFQOIImageFormatHandler. ---- Update to 1.5.3 Tenab...

Fedora 43 : mingw-objfw (2026-67762cee82)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-67762cee82 advisory. Update to 1.5.4. Fixes a buffer overflow caused by integer promotion rules in OFBMPImageFormatHandler and OFQOIImageFormatHandler. ---- Update to 1.5.3 Tenab...

Fedora 44 : objfw (2026-f9938a84c7)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f9938a84c7 advisory. Update to 1.5.4. Fixes a buffer overflow caused by integer promotion rules in OFBMPImageFormatHandler and OFQOIImageFormatHandler. ---- Update to 1.5.3 Tenab...

CVE-2026-46599 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

ImageMagick security vulnerabilities

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. ImageMagick has security vulnerabilities; these vulnerabilities stem from infinite loops in the MIFF decoder, which can lead to CPU...

RLSA-2026:19363 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

[SECURITY] Fedora 43 Update: rust-eif_build-0.2.1-7.fc43

This CLI tool provides a low level path to assemble an enclave image format EIF file used in AWS Nitro Enclaves...

[SECURITY] Fedora 44 Update: rust-eif_build-0.2.1-7.fc44

This CLI tool provides a low level path to assemble an enclave image format EIF file used in AWS Nitro Enclaves...