CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60 matches found

GO-2026-5032 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

7.5CVSS5.8AI score0.00042EPSS

Exploits0References3

SUSE CVE•added 2026/05/16 1:11 a.m.•4 views

SUSE CVE-2026-43909

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i 4 inside SwapRGBABytes causes the function to compute a large negative...

8.8CVSS5.9AI score0.00042EPSS

Exploits1References3

OSV•added 2026/05/04 9:27 p.m.•2 views

GHSA-HCWR-PQ9G-RQ3M apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)

apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and available via ChecksumString, and the downloaded package control hash is computed, but the two values are never...

7.5CVSS5.9AI score0.00018EPSS

Exploits0References5

CVE•added 2026/04/06 9:44 p.m.•67 views

CVE-2026-35444

The CVE-2026-35444 issue affects SDL_image’s XCF loader (src/IMG_xcf.c). In do_layer_surface(), pixel indices from decoded XCF tile data are used directly as colormap indices without validating against cm_num, enabling heap out-of-bounds reads (up to 762 bytes past the colormap allocation) for bo...

7.1CVSS5.9AI score0.00012EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/20 3:56 a.m.•3 views

CVE-2026-23876

A flaw was found in ImageMagick. A heap buffer overflow, a type of memory corruption, in the XBM image decoder ReadXBMImage allows a remote attacker to write controlled data beyond the allocated memory buffer when processing a maliciously crafted image file. This can lead to arbitrary code...

9.8CVSS6.1AI score0.00114EPSS

Exploits1References5

OSV•added 2025/12/17 8:15 p.m.•1 views

CVE-2025-34434

AVideo versions prior to 20.1 with the ImageGallery plugin enabled is vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...

9.1CVSS7.1AI score

Exploits0References4