19 matches found
EUVD-2026-29283
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory...
Adobe SDK 1.7.1 2410 Overflow Analysis / Fuzzing Model
This Python script implements a comprehensive framework to model, detect, and analyze integer overflows in 32-bit arithmetic, particularly in the context of image memory allocation. The framework combines formal methods, stepwise arithmetic, symbolic execution, SMT-style constraint solving,...
OPENSUSE-SU-2026:20113-1 Security update for php8
This update for php8 fixes the following issues: Version update to 8.4.16: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in...
SUSE SLES15: apache2-mod_php8 / php8 / php8-bcmath / php8-bz2 / php8-calendar / etc (SUSE-SU-2026:0086-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0086-1 advisory. Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading imag...
SUSE-SU-2026:0086-1 Security update for php8
This update for php8 fixes the following issues: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element...
EUVD-2015-8625
Malware in sbrugna...
Malicious code in image-memory (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 40ad268d8e5d26e3c122a979160b815c349dc3cd4d22004530c3a5ca5c4299a9 The OpenSSF Package Analysis project identified 'image-memory' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-41298 Malicious code in image-memory (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 40ad268d8e5d26e3c122a979160b815c349dc3cd4d22004530c3a5ca5c4299a9 The OpenSSF Package Analysis project identified 'image-memory' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...
CVE-2024-54500
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted image may result in disclosure of process memory...
[SECURITY] Fedora 39 Update: libclc-17.0.2-1.fc39
libclc is an open source, BSD licensed implementation of the library requirements of the OpenCL C programming language, as specified by the OpenCL 1.1 Specification. The following sections of the specification impose library requirements: 6.1: Supported Data Types 6.2.3: Explicit Conversions...
CVE-2023-23534
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5. Processing a maliciously crafted image may result in disclosure of process memory...
CVE-2022-41727 Denial of service via crafted TIFF image in golang.org/x/image/tiff
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service...
Nextcloud server denial of service vulnerability (CNVD-2022-20690)
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud server has a denial of service vulnerability that stems from a networked system or product that does not properly validate data boundaries when performing...
CVE-2021-27622
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadImageFromMemory whic...
PT-2021-17557 · Sap · Sap Internet Graphics Server
Name of the Vulnerable Software and Affected Versions: SAP Internet Graphics Service versions 7.20, 7.20EXT, 7.53, 7.20 EX2, 7.81 Description: The issue allows an unauthenticated attacker to submit a malicious request over a network after retrieving an existing system state value. This is due to...
SAP Internet Graphics Service 缓冲区错误漏洞
SAP Internet Graphics Service is a component of the SAP R/3 enterprise environment that provides graphics services. A memory corruption vulnerability exists in SAP Internet Graphics Service that originates from an input validation error in CDrawRaster::LoadImageFromMemory. An unauthenticated...
MGASA-2020-0337 Updated jasper packages fix security vulnerabilities
The jasmatrixbindsub function in jasseq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service invalid read via a crafted image CVE-2017-6851. Heap-based buffer overflow in the jpcdecdecodepkt function in jpct2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified...
UBUNTU-CVE-2018-5160
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox 60...
UBUNTU-CVE-2018-6405
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service...