Amazon Linux 2023 : heif-pixbuf-loader, libheif, libheif-devel (ALAS2023-2026-1814)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1814 advisory. libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap- buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to...

CVE-2026-33813 Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

SUSE-SU-2026:21362-1 Security update for gnome-remote-desktop

This update for gnome-remote-desktop fixes the following issues: Update to version 48.3. Security issues fixed: - CVE-2025-5024: an unauthenticated attacker can exhaust system resources bsc1244053. Other updates and bugfixes: - Version update to 48.3: + Fix image corruption on some NVIDIA GPUs. -...

Security update for python-Pillow (important)

openSUSE security update: security update for python-pillow ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20458-1 Rating: important References: bsc1258125 Cross-References: CVE-2026-25990 CVSS scores: CVE-2026-25990 SUSE : 7.5...

CVE-2026-34381 Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

GHSA-XXW5-M53X-J38C ImageMagick has heap use-after-free in the MSL encoder

A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. SUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage Shadow bytes around t...

ImageMagick has heap use-after-free in the MSL encoder

A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. SUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage Shadow bytes around t...

MiracleLinux 8 : exiv2-0.27.4-5.el8 (AXSA:2021-2752:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2752:04 advisory. exiv2: Heap-based buffer overflow in Jp2Image::readMetadata CVE-2021-3482 exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata...

Mozilla Firefox < 10.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 10.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-06 advisory. - Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data...

EUVD-2012-3394

Malware in sbrugna...

EUVD-2018-19360

Malware in sbrugna...

EUVD-2021-1577

Malware in sbrugna...

EUVD-2017-8937

Malware in sbrugna...

EUVD-2018-5049

Malware in sbrugna...

EUVD-2021-1624

Malware in sbrugna...

EUVD-2019-3143

Malware in sbrugna...

EUVD-2024-26934

Malicious code in bioql PyPI...

EUVD-2025-11008

Malicious code in bioql PyPI...

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

PT-2025-23897 · Qt Company +1 · Qt +1

Name of the Vulnerable Software and Affected Versions: Qt versions 6.3.0 through 6.5.9 Qt versions 6.6.0 through 6.8.4 Qt version 6.9.0 Description: The issue occurs when a specifically crafted ICNS format image file is loaded in QImage, triggering a crash. Recommendations: For Qt versions 6.3.0...