CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

CVE-2025-66617

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

MiracleLinux 8 : python-pillow-5.1.1-16.el8 (AXSA:2021-2760:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2760:01 advisory. python-pillow: Out-of-bounds read in J2K image reader CVE-2021-25287 python-pillow: Out-of-bounds read in J2K image reader CVE-2021-25288...

JLSEC-2025-289 processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow ...

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow e.g., "WRITE of size 307203" via a crafted TIFF image...

Linux Distros Unpatched Vulnerability : CVE-2019-5059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2image 2.0.4. A specially crafted XPM image can cause an integ...

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2025-48379 DESCRIPTION: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with...

CVE-2018-11507

An issue was discovered in Free Lossless Image Format FLIF 0.3. An attacker can trigger a long loop in imageloadpnm in image/image-pnm.cpp...

SUSE CVE-2016-8683

The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."...

MediaTek 芯片安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in MediaTek jpeg that stems from a memory reuse after release issue...

ok-file-formats 缓冲区错误漏洞

ok-file-formats is an open source decoder for PNG, JPEG, WAV and several other file formats. A buffer error vulnerability exists in ok-file-formats 1, which stems from a heap-based buffer overflow vulnerability in the okjpggeneratehuffmantable function in okjpg.c in the software...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS ImageIO, which stems from crafted data in a PICT image that can trigger a read beyond the end of an allocated data structure, and can be exploited by an attacker...

CVE-2020-6151

A memory corruption vulnerability exists in the TIFF handleCOMPRESSIONPACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

Free Lossless Image Format Buffer Overflow Vulnerability

Free Lossless Image Format FLIF is a lossless image format. A buffer overflow vulnerability exists in imagesavepng in the image/image-png.cpp file in FLIF version 0.3. The vulnerability stems from a networked system or product performing operations in memory without properly validating data...

CVE-2018-3860

An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability...

FastStone Image Viewer Denial of Service Vulnerability (CNVD-2018-14268)

FastStone Image Viewer is an image viewer that supports image browsing, format conversion, editing and more. A security vulnerability exists in FastStone Image Viewer version 6.2, which originates from the FSViewer.exe program failing to properly handle malformed JPEG files. An attacker can explo...

Silicon Graphics LibTIFF 'TIFFWriteDirectoryTagCheckedLong8Array' Function Denial of Service Vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A security vulnerability exists in the 'TIFFWriteDirectoryTagCheckedLong8Array' function in...

UBUNTU-CVE-2016-5652

An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means...

UBUNTU-CVE-2016-6906

The readimagetga function in gdtga.c in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to cause a denial of service out-of-bounds read via a crafted TGA file, related to the decompression buffer...

openmotif21 stack overflows in libxpm

Multiple stack-based buffer overflows in 1 xpmParseColors in parse.c, 2 ParseAndPutPixels in create.c, and 3 ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file...

Opera Images (GM#004-OP)

GreyMagic Security Advisory GM004-OP ===================================== By GreyMagic Software, Israel. 04 Feb 2003. Available in HTML format at http://security.greymagic.com/adv/gm004-op/. Topic: Opera Images. Discovery date: 29 Jan 2003. Affected applications: ====================== Opera 7...