Pillow vulnerability can cause write buffer overflow on BCn encoding

There is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. Unclear how large the potential...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: Security issues fixed: CVE-2025-43965: mishandling of image depth after SetQuantumFormat is used in MIFF image processing bsc1241659. CVE-2025-46393: mishandling of packetsize and rendering of channels in arbitrary order in multispectral MIF...

SUSE-SU-2025:02188-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2025-43965: mishandling of image depth after SetQuantumFormat is used in MIFF image processing bsc1241659. - CVE-2025-46393: mishandling of packetsize and rendering of channels in arbitrary order in multispectral...

CVE-2024-46993 Electron Vulnerable to Heap Buffer Overflow in NativeImage::CreateFromPath

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath and nativeImage.createFromBuffer functions call a function downstream that is vulnerable to a heap...

Volkswagen MIB3 Infotainment 安全漏洞

Volkswagen MIB3 Infotainment is an infotainment system on a vehicle from Volkswagen Germany. A security vulnerability exists in Volkswagen MIB3 Infotainment that originates from a heap buffer overflow in an image processing binary and could lead to an attacker executing arbitrary code...

Volkswagen MIB3 Infotainment 安全漏洞

Volkswagen MIB3 Infotainment is an infotainment system on a vehicle from Volkswagen Germany. A security vulnerability exists in Volkswagen MIB3 Infotainment that originates from an integer overflow in an image processing binary file, which could lead to a system denial of service...

Volkswagen MIB3 Infotainment 安全漏洞

Volkswagen MIB3 Infotainment is an infotainment system on a vehicle from Volkswagen Germany. A security vulnerability exists in Volkswagen MIB3 Infotainment, which originates from an integer overflow in an image processing binary, which could lead to a denial of service in the infotainment system...

TencentOS Server 3: python-pillow (TSSA-2022:0012)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0012 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2025-5683

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1...

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2025-972)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-972 advisory. In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. CVE-2025-43965 Tenable has extracted the preceding description block directly from the...

CVE-2025-48798

Summary (CVE-2025-48798) : GIMP processing XCF files is vulnerable to memory errors, including use-after-free, triggered by specially crafted images. Connected advisories confirm multiple related GIMP in Xen parsers (XCF/TGA/ICO) vulnerabilities (e.g., CVE-2025-48797, CVE-2025-48798, CVE-2025-547...

CVE-2024-27836

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. Processing a maliciously crafted image may lead to arbitrary code execution...

CVE-2024-23257

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, visionOS 1.1. Processing an image may result in disclosure of process memory...

CVE-2024-23286

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing an image may lead to arbitrary code...

CVE-2024-54500

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may result in disclosure of process memory...

CVE-2024-44142

The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution...

CVE-2024-41132

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit...

CVE-2023-27939

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory...

CVE-2023-23519

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service...

CVE-2023-32384

A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution...