15 matches found
CVE-2026-49136
Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...
CVE-2026-49136 Banana Slides 0.4.0 Path Traversal via generate_image() in ai_service.py
Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...
PT-2026-45559
Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate image function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplet...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the setimage functions in encode.c and decode.c, which are exploitable via Image.open. An attacker can execute arbitrary code by supplying a malicious PSD image file with tile dimensions that trigger integer...
GHSA-CFH3-3JMP-RVHC Pillow affected by out-of-bounds write when loading PSD images
Impact An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow = 10.3.0 users are affected. Patches Pillow 12.1.1 will be released shortly with a fix for this. Workarounds Image.open has a formats parameter that can be used to prevent PSD images from being opene...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the setimage functions in encode.c and decode.c, which are exploitable via Image.open. An attacker can execute arbitrary code by supplying a malicious PSD image file. Remediation Upgrade pillow to version 12.1.1 o...
Linux Distros Unpatched Vulnerability : CVE-2019-13574
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly...
Linux Distros Unpatched Vulnerability : CVE-2021-28675
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data...
PYSEC-2021-139
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load...
Design/Logic Flaw
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load...
CVE-2021-28675
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load...
OS Command Injection
minimagick is vulnerable to OS command injection. The input to Image.open is passed directly to Kernelopen, which accepts the | character. This allows a remote attacker to inject arbitrary OS command via a malicious image filename...
DEBIAN-CVE-2019-13574
In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernelopen, which accepts a '|' character followed by a command...
dt-chocolate - Image Open redirect
The dt-chocolate WordPress theme was affected by an Image Open redirect security vulnerability...
WordPress DT Chocolate Theme - Image Open redirect
This theme is prone to an image open redirect vulnerability. Solution Update the theme...