Astra Linux - уязвимость в imagemagick

In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior, including integer overflow and out-of-range values, as reported by UndefinedBehaviorSanitizer. Such issues could negatively...

MiracleLinux 8 : libarchive-3.3.3-7.el8_10 (AXSA:2026-475:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-475:03 advisory. libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing CVE-2026-4424 libarchive: libarchive: Arbitrary...

Important: Red Hat Security Advisory: libarchive security update

An update for libarchive is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RockyLinux 8 : libarchive (RLSA-2026:8534)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8534 advisory. libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing CVE-2026-4424 libarchive: libarchive: Arbitrary code...

CVE-2019-25556

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer...

CVE-2019-25556

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-latest-openjdk packages fix security vulnerabilities

LIBPNG is vulnerable to a buffer overflow in pngimagereadcomposite via incorrect palette premultiplication. CVE-2025-64720 LIBPNG is vulnerable to a heap buffer overflow in pngcombinerow triggered via pngimagefinishread. CVE-2025-65018 Improve JMX connections. CVE-2026-21925 Improve HttpServer...

Linux Distros Unpatched Vulnerability : CVE-2025-66628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM PSX TIM image parser contains a...

MGASA-2025-0314 Updated libpng packages fix security vulnerabilities

LIBPNG is vulnerable to a heap buffer overflow in pngdoquantize via malformed palette index. CVE-2025-64505 LIBPNG is vulnerable to a heap buffer over-read in pngwriteimage8bit with grayscale+alpha or RGB/RGBA images. CVE-2025-64506 LIBPNG is vulnerable to a buffer overflow in pngimagereadcomposi...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libvpx vulnerability (USN-7249-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7249-1 advisory. Xiantong Hou discovered that libvpx would overflow when attempting to allocate memory for very large images. If an application using libvp...

AZL-39097 CVE-2022-36764 affecting package hvloader for versions less than 1.0.1-3

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

SUSE CVE-2023-43787

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges...

SUSE CVE-2008-1373

Buffer overflow in the gifreadlzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large codesize value, a similar issue to CVE-2006-4484...

SUSE CVE-2009-0723

Multiple integer overflows in LittleCMS aka lcms or liblcms before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained fr...

SUSE CVE-2012-1610

Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service out-of-bounds read via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete f...

SUSE CVE-2016-9557

Integer overflow in jasimage.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service application crash via a crafted file...

SUSE CVE-2017-7976

Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2imagecompose function in jbig2image.c during operations on a crafted .jb2 file, leading to a denial of service application crash or disclosure of sensitive information from process memory...

SUSE CVE-2017-14173

In the function ReadTXTImage in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRangedepth+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a...