CVE-2026-49136

Banana Slides (v0.4.0) contains a path traversal in ai service backend’s generate_image() that lets unauthenticated attackers read arbitrary image files outside the uploads directory. Root cause: incomplete path prefix check via os.path.startswith(), without a trailing separator, allowing crafted...

CVE-2026-42028

CVE-2026-42028 affects novaGallery (a PHP image gallery). Prior to version 2.1.1, there is a path traversal vulnerability that allows unauthenticated users to read image files outside the intended gallery root. The issue has been patched in version 2.1.1. The CVSS 3.1 base score is 5.3 (Medium), ...

ROS-20260401-73-0011

A vulnerability in the pngimagereaddirectscaled function of the libpng library is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability may allow an attacker to gain unauthorized access to protected information or cause denial of service...

CLSA-2026-1773682345 Fix CVE(s): CVE-2026-25795

SECURITY UPDATE: null pointer dereference and crash during image reading - debian/patches/CVE-2026-25795.patch: Fix NULL pointer dereference by reordering DestroyImageInfo after copy of filename; cause: Free readinfo before access of readinfo-filename - CVE-2026-25795...

Access of Uninitialized Pointer

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

GHSA-8MPR-6XR2-CHHC ImageMagick: MSL - Stack overflow in ProcessMSLScript

Summary Magick fails to check for circular references between two MSLs, leading to a stack overflow. Details After reading a.msl using magick, the following is displayed: MSLStartElement - ReadImage - ReadMSLImage - ProcessMSLScript - xmlParseChunk - xmlParseTryOrFinish - MSLStartElement bash...

CLSA-2026-1772793148 Fix CVE(s): CVE-2026-25795

SECURITY UPDATE: null pointer dereference and crash in image reading - debian/patches/CVE-2026-25795.patch: Fix NULL pointer dereference; move DestroyImageInfo call after filename copy; cause: DestroyImageInfo was called before filename copy, freeing readinfo used to access filename. -...

Ubuntu: Security Advisory (USN-7953-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : PHP vulnerabilities (USN-7953-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7953-1 advisory. It was discovered that PHP incorrectly handled memory while reading images in multi-chunk mode. An...

USN-7953-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled memory while reading images in multi-chunk mode. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04 and Ubuntu 25.10. CVE-2025-14177 It was discovered that PHP incorrectl...

AZL-73195 CVE-2025-14177 affecting package php for versions less than 8.3.29-1

In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments e.g., APP1 when reading images in multi-chunk mode such as via php://filter. This occurs due to a...

CVE-2025-14177 Information Leak of Memory in getimagesize

In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments e.g., APP1 when reading images in multi-chunk mode such as via php://filter. This occurs due to a...

CVE-2025-14177

Summary: CVE-2025-14177 affects PHP’s getimagesize() when reading multi-chunk images (e.g., via php://filter). Root cause is in php_read_stream_all_chunks() which overwrites the buffer without advancing the pointer, leaking uninitialized heap data and potentially exposing confidential information...

EUVD-2021-2188

Malware in sbrugna...

imagemagick: heap-buffer overflow read in MNG magnification with alpha

Vulnerability Details When performing image magnification in ReadOneMNGIMage in coders/png.c, there is an issue around the handling of images with separate alpha channels. When loading an image with a color type that implies a separate alpha channel ie. jngcolortype = 12, we will load the alpha...

[SECURITY] Fedora 42 Update: OpenImageIO-2.5.16.0-6.fc42

OpenImageIO is a library for reading and writing images, and a bunch of relat ed classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading a nd writing 2D images that is format agnostic. - Format plugins for TIFF,...

SUSE CVE-2024-28578

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the Load function when reading images in RAS format...

SUSE CVE-2024-28573

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service DoS via the jpegreadexifprofile function when reading images in JPEG format...

CVE-2024-28576

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service DoS via the opjj2ktcpdestroy function when reading images in J2K format...

UBUNTU-CVE-2024-28574

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service DoS via the opjj2kcopydefaulttcpandcreatetcd function when reading images in J2K format...