CVE-2026-33813 Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

SUSE-SU-2026:21362-1 Security update for gnome-remote-desktop

This update for gnome-remote-desktop fixes the following issues: Update to version 48.3. Security issues fixed: - CVE-2025-5024: an unauthenticated attacker can exhaust system resources bsc1244053. Other updates and bugfixes: - Version update to 48.3: + Fix image corruption on some NVIDIA GPUs. -...

Security update for python-Pillow (important)

openSUSE security update: security update for python-pillow ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20458-1 Rating: important References: bsc1258125 Cross-References: CVE-2026-25990 CVSS scores: CVE-2026-25990 SUSE : 7.5...

CVE-2026-34381 Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

GHSA-XXW5-M53X-J38C ImageMagick has heap use-after-free in the MSL encoder

A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. SUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage Shadow bytes around t...

ImageMagick has heap use-after-free in the MSL encoder

A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. SUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage Shadow bytes around t...

MiracleLinux 8 : exiv2-0.27.4-5.el8 (AXSA:2021-2752:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2752:04 advisory. exiv2: Heap-based buffer overflow in Jp2Image::readMetadata CVE-2021-3482 exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata...

Mozilla Firefox < 10.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 10.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-06 advisory. - Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data...

EUVD-2012-3394

Malware in sbrugna...

EUVD-2021-1624

Malware in sbrugna...

EUVD-2021-1577

Malware in sbrugna...

EUVD-2019-3143

Malware in sbrugna...

EUVD-2018-19360

Malware in sbrugna...

EUVD-2018-5049

Malware in sbrugna...

EUVD-2017-8937

Malware in sbrugna...

EUVD-2025-11008

Malicious code in bioql PyPI...

EUVD-2024-26934

Malicious code in bioql PyPI...

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

PT-2025-23897 · Qt Company +1 · Qt +1

Name of the Vulnerable Software and Affected Versions: Qt versions 6.3.0 through 6.5.9 Qt versions 6.6.0 through 6.8.4 Qt version 6.9.0 Description: The issue occurs when a specifically crafted ICNS format image file is loaded in QImage, triggering a crash. Recommendations: For Qt versions 6.3.0...

CVE-2019-10531

Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439...