CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

CVE-2025-66617

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

MiracleLinux 8 : python-pillow-5.1.1-16.el8 (AXSA:2021-2760:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2760:01 advisory. python-pillow: Out-of-bounds read in J2K image reader CVE-2021-25287 python-pillow: Out-of-bounds read in J2K image reader CVE-2021-25288...

JLSEC-2025-289 processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow ...

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow e.g., "WRITE of size 307203" via a crafted TIFF image...

Linux Distros Unpatched Vulnerability : CVE-2019-5059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2image 2.0.4. A specially crafted XPM image can cause an integ...

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2025-48379 DESCRIPTION: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with...

CVE-2018-11507

An issue was discovered in Free Lossless Image Format FLIF 0.3. An attacker can trigger a long loop in imageloadpnm in image/image-pnm.cpp...

SUSE CVE-2016-8683

The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."...

The vulnerability of the Grub configuration file, related to writing beyond the buffer boundaries, allows an attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Grub configuration file is related to writing beyond the buffer’s boundaries. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and even cause a service failure using a specially created JPEG image...

MediaTek 芯片安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in MediaTek jpeg that stems from a memory reuse after release issue...

ok-file-formats 缓冲区错误漏洞

ok-file-formats is an open source decoder for PNG, JPEG, WAV and several other file formats. A buffer error vulnerability exists in ok-file-formats 1, which stems from a heap-based buffer overflow vulnerability in the okjpggeneratehuffmantable function in okjpg.c in the software...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS ImageIO, which stems from crafted data in a PICT image that can trigger a read beyond the end of an allocated data structure, and can be exploited by an attacker...

The vulnerability of the HEIF Image Extension relates to improper handling of the code generation process, allowing an attacker to execute arbitrary code.

The vulnerability of the HEIF Image Extension is related to improper handling of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the WebP image extension lies in the lack of protection for service data, which allows attackers to gain unauthorized access to protected information.

The vulnerability of the WebP image extension relates to the lack of protection for service data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

CVE-2020-6151

A memory corruption vulnerability exists in the TIFF handleCOMPRESSIONPACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

Free Lossless Image Format Buffer Overflow Vulnerability

Free Lossless Image Format FLIF is a lossless image format. A buffer overflow vulnerability exists in imagesavepng in the image/image-png.cpp file in FLIF version 0.3. The vulnerability stems from a networked system or product performing operations in memory without properly validating data...

CVE-2018-3860

An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability...

FastStone Image Viewer Denial of Service Vulnerability (CNVD-2018-14268)

FastStone Image Viewer is an image viewer that supports image browsing, format conversion, editing and more. A security vulnerability exists in FastStone Image Viewer version 6.2, which originates from the FSViewer.exe program failing to properly handle malformed JPEG files. An attacker can explo...

Silicon Graphics LibTIFF 'TIFFWriteDirectoryTagCheckedLong8Array' Function Denial of Service Vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A security vulnerability exists in the 'TIFFWriteDirectoryTagCheckedLong8Array' function in...

The vulnerabilities of programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat allow attackers to execute arbitrary code.

The vulnerability of JPEG 2000 components in programs for viewing and editing PDF files, such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat, is related to reading beyond the buffer limit and memory corruption due to image scaling. Exploiting this...