CLSA-2025-1745531344 libtiff: Fix of 2 CVEs

CVE-2023-40745: prevent integer overflow on hostile images to avoid heap-based buffer overflow and potential code execution - CVE-2023-41175: address integer overflows and bypass in raw2tiff.c to prevent heap-based buffer overflow and potential code execution...

SUSE CVE-2025-43965

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used...

Incorrect Calculation of Buffer Size

Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size due to mishandling of image depth after SetQuantumFormat is used. An attacker can manipulate the image processing results by submitting a specially crafted MIFF file. Remediation A fix was pushed int...

CVE-2025-46393

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...

CVE-2025-46393

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...

CVE-2025-43965

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used...

DEBIAN-CVE-2025-43965

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used...

UBUNTU-CVE-2025-43965

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used...

CVE-2025-43965

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used...

CVE-2025-43965

ImageMagick’s CVE-2025-43965 affects MIFF image processing where image depth is mishandled after SetQuantumFormat, in builds prior to 7.1.1-44. Affected product: ImageMagick. Root cause: mishandling of image depth during MIFF processing when SetQuantumFormat is used (no additional details provide...

CVE-2025-46393

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...

CVE-2025-43965

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used...

CVE-2025-46393

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...

[SECURITY] Fedora 41 Update: giflib-5.2.2-6.fc41

giflib is a library for reading and writing gif images...

CVE-2025-43967

libheif before 1.19.6 has a NULL pointer dereference in ImageItemGrid::getdecoder in image-items/grid.cc because a grid image can reference a nonexistent image item...

PbootCMS 安全漏洞

PbootCMS is a PbootCMS open source content management system CMS for building websites for open source businesses developed using the PHP language. A security vulnerability exists in PbootCMS version 3.2.5, which stems from a server-side request forgery issue in the image processing component...

Adobe Photoshop Desktops Heap Buffer Overflow Vulnerability

Adobe Photoshop is a set of image processing software from the American company Audobee Adobe. The software is mainly used for processing pictures. A heap buffer overflow vulnerability exists in Adobe Photoshop Desktops. The vulnerability is due to a failure to perform strict checksums on memory...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing large EXIF data structures. An attacker can cause denial of service by sending malicious images. Remediation Upgrade github.com/bep/imagemeta to version 0.10.0 or...

CVE-2025-29769

libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't...

CVE-2025-29769

libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't...