2220 matches found

Vulnrichment
added 2025/04/07 8:9 p.m. · 5 views

CVE-2025-29769 libvips has a potential heap-based buffer overflow when attempting to convert multiband TIFF input to HEIF output

libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't...

8.5 CVSS · 7.2 AI score · 0.00042 EPSS
Exploits: 1 · References: 5

CVE
added 2025/04/07 8:9 p.m. · 59 views

CVE-2025-29769

CVE-2025-29769 affects libvips, where the heifsave path could mis-handle a multiband TIFF input (4 channels) and output HEIF with 3 channels, then attempt to write 4 channels, causing a heap-based buffer overflow and possible crash. Root cause: incorrect alpha-channel determination when colour in...

8.5 CVSS · 7.2 AI score · 0.00042 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

SUSE Linux
added 2025/04/03 11:54 a.m. · 0 views

Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues: CVE-2025-27795: Fixed missing image dimension resource limits in JXL (bsc#1239044). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can...

5.1 CVSS · 5 AI score · 0.00079 EPSS
Exploits: 0 · References: 4

OSV
added 2025/04/02 3:4 p.m. · 0 views

GHSA-M5QC-5HW7-8VG7 image-size Denial of Service via Infinite Loop during Image Processing

Summary: image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images. The issue occurs because of an infinite loop in findBox when processing certain images with a box with size 0. Details: If the first bytes of the input do not match any bytes in...

7.5 CVSS · 5.9 AI score
Exploits: 0 · References: 3

GitHub Security Blog
added 2025/04/02 3:4 p.m. · 152 views

image-size Denial of Service via Infinite Loop during Image Processing

Summary: image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images. The issue occurs because of an infinite loop in findBox when processing certain images with a box with size 0. Details: If the first bytes of the input do not match any bytes in...

8.7 CVSS · 7.2 AI score
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2025/04/02 12:0 a.m. · 7 views

PT-2025-14538 · Npm · Image-Size

Summary: image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images. The issue occurs because of an infinite loop in findBox when processing certain images with a box with size 0. Details: If the first bytes of the input do not match any bytes in...

7.5 CVSS · 7.3 AI score
Exploits: 0 · References: 4

CNNVD
added 2025/03/24 12:0 a.m. · 2 views

PHPGurukul eLearning System Code Issue Vulnerability

PHPGurukul eLearning System is an eLearning system from PHPGurukul Inc. A code issue vulnerability exists in version 1.0 of the PHPGurukul eLearning System, which stems from an image processing component in the file /user/index.php that could lead to unlimited uploads...

9.8 CVSS · 6.6 AI score · 0.00069 EPSS
Exploits: 1 · References: 5

CNNVD
added 2025/03/20 12:0 a.m. · 1 views

Aim Resource Management Error Vulnerability

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. Aim version 3.25.0 suffers from a resource management error vulnerability that stems from the tracking server's susceptibility to denial-of-service attacks, which may cause the server to be...

7.5 CVSS · 7.4 AI score · 0.00578 EPSS
Exploits: 1 · References: 1

Snyk
added 2025/03/18 9:7 p.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data-url. PoC js import jsPDF from "jpsdf" const doc = new jsPDF; const payload =...

8.7 CVSS · 6.7 AI score · 0.00466 EPSS
Exploits: 1 · References: 2

BDU FSTEC
added 2025/03/10 12:0 a.m. · 2 views

Vulnerability at src/include/OpenImageIO/fmath.h:983 in the OpenImageIO image processing library, allowing an attacker to execute arbitrary code.

A vulnerability at src/include/OpenImageIO/fmath.h:983 in the OpenImageIO image processing library is related to a buffer overflow. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...

10 CVSS · 8.4 AI score · 0.00237 EPSS
Exploits: 1 · References: 5 · Affected Software: 4

RedhatCVE
added 2025/03/05 8:15 p.m. · 7 views

CVE-2025-25301

Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg...

7.5 CVSS · 6.8 AI score · 0.00043 EPSS
Exploits: 1 · References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-9117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header matc...

9.8 CVSS · 7.1 AI score · 0.00114 EPSS
Exploits: 1 · References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2017-11449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial...

8.8 CVSS · 6.8 AI score · 0.00442 EPSS
Exploits: 0 · References: 2

OSV
added 2025/03/03 4:36 p.m. · 5 views

CVE-2025-25301 Rembg allows SSRF via /api/remove

Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg...

6.9 CVSS · 6.4 AI score · 0.00043 EPSS
Exploits: 1 · References: 3

CVE
added 2025/03/03 4:36 p.m. · 75 views

CVE-2025-25301

Summary: Rembg (Python) versions up to and including 2.0.57 are affected by an SSRF vulnerability in the /api/remove endpoint. The endpoint accepts a URL query parameter to fetch, process, and return an image, which can enable an attacker to request internal-network resources hosted by the rembg ...

7.5 CVSS · 6.7 AI score · 0.00043 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

AstraLinux
added 2025/02/11 7:35 a.m. · 3 views

Astra Linux - vulnerability in imagemagick

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service...

5.5 CVSS · 7.2 AI score · 0.00035 EPSS
Exploits: 0 · References: 3

CNVD
added 2025/02/06 12:0 a.m. · 3 views

Unspecified Vulnerability in OpenImageIO

OpenImageIO is an open source image processing library with an easy-to-use interface and support for a large number of image formats. OpenImageIO has a security vulnerability that stems from an allocation size too large error in the component /imagebuf.cpp, ...

9.8 CVSS · 7 AI score · 0.00233 EPSS
Exploits: 1 · References: 1

CNVD
added 2025/02/06 12:0 a.m. · 2 views

OpenImageIO Buffer Overflow Vulnerability

OpenImageIO is an open source image processing library with an easy-to-use interface and support for a large number of image formats. OpenImageIO suffers from a buffer overflow vulnerability that stems from a boundary error in the component /OpenImageIO/fmath.h when processing untrust...

9.8 CVSS · 7.5 AI score · 0.00237 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 1:42 p.m. · 9 views

CVE-2020-13561

An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8 CVSS · 7.2 AI score · 0.00706 EPSS
Exploits: 1

CNNVD
added 2025/02/03 12:0 a.m. · 3 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from the disclosure of information during the processing of firmware image information during core initialization...

6.1 CVSS · 6.4 AI score · 0.00073 EPSS
Exploits: 0 · References: 1