CVE-2026-5755

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

EUVD-2026-31427

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

CVE-2026-41309

Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 \times 10000$ pixels. While the compressed file size...

CVE-2026-34378

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

stb 资源管理错误漏洞

STB is a public domain library for C/C++ developed by Sean Barrett. Versions of STB prior to 2.30 contained a resource management vulnerability, which stemmed from incorrect operations on the stbiloadgifmain function in the stbimage.h file. This vulnerability could lead to double deallocation of...

CVE-2026-27211

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

UBUNTU-CVE-2025-66628

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM PSX TIM image parser contains a critical integer overflow vulnerability in its ReadTIMImage function coders/tim.c. The code reads width and height 16-bit values from the file...

PT-2025-41514

Name of the Vulnerable Software and Affected Versions libpadm.so versions prior to SMR Oct-2025 Release 1 Description An out-of-bounds write exists in the parsing header for JPEG decoding. This issue can lead to memory corruption for local attackers. The vulnerable component is libpadm.so...

EUVD-2016-1720

Malware in sbrugna...

EUVD-2018-19432

Malware in sbrugna...

EUVD-2017-2715

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-3850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 2013 devices allows attackers to gain...

Linux Distros Unpatched Vulnerability : CVE-2018-16981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - stb stbimage.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbioutgifcode function. CVE-2018-16981 Note tha...

Linux Distros Unpatched Vulnerability : CVE-2021-45340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stbimage.h component of libsixel allows attackers to cause a denial of service DOS...

Linux Distros Unpatched Vulnerability : CVE-2022-29977

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an assertion failure error in stbijpeghuffdecode, stbimage.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to...

Linux Distros Unpatched Vulnerability : CVE-2017-6596

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An...

Use of Uninitialized Variable

Overview Affected versions of this package are vulnerable to Use of Uninitialized Variable due to the absent check of pimage value before calling opjj2kreadheader function. An attacker can achieve arbitrary code execution or cause a denial of service by supplying a specially crafted image file...

CVE-2018-7717

The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended SIGE extension 3.2.3 for Joomla! has XSS via a crafted image header, as demonstrated by the Caption-Abstract header object in a JPEG file. This is fixed in 3.3.1...