SUSE CVE-2018-7713

The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service assertion failure because size.width = 120 may be false. Note: “OpenCV CVAssert is not an assertion C-like assert, it is regular C++ exception which can...

CLSA-2026-1778860714 gimp: Fix of 2 CVEs

CVE-2026-4153: fix heap-based buffer overflow in PSP file parser by computing proper linewidth for bit depths 1 and 4 with small widths - CVE-2026-4154: fix integer overflow and buffer overflow in XPM file parser by adding GIMPMAXIMAGESIZE bounds checks and using gtrynew...

Astra Linux - уязвимость в pillow

In Pillow before 8.1.2, attackers can cause a denial of service due to excessive memory consumption. This occurs because the reported size of the contained image is not properly checked for an ICO container. As a result, a memory allocation attempt can be quite large...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017483)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017483 advisory. Pillow before 8.1.2 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for an IC...

Astra Linux - уязвимость в gimp

A flaw was discovered in GIMP. A integer overflow vulnerability exists in the GIMP “Despeckle” plug-in. The issue arises due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel imgbpp. This can lead to insufficient memory allocation and subsequent...

Astra Linux - уязвимость в firefox

When dragging and dropping an image across origins, the size of the image may be leaked. This behavior was present in version 109 and caused web compatibility issues, as well as this security concern. Therefore, this behavior was disabled until further review. This vulnerability affects Firefox...

Astra Linux - уязвимость в pillow

In Pillow before 8.1.2, attackers can cause a denial of service due to excessive memory consumption. This occurs because the reported size of the contained image is not properly checked for a BLP container. As a result, a memory allocation attempt can be quite large...

CVE-2026-2028

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxiremovecustomimagesize' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-leve...

PT-2026-34842

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi remove custom image size' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with...

PT-2026-34840

Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 times 10000$ pixels. While the compressed file size ...

Allocation of Resources Without Limits or Throttling

Overview nuxt-og-image is an Enlightened OG Image generation for Nuxt. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the unbounded width and height parameters in the image generation. An attacker can exhaust server memory and cause...

CVE-2026-34404

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a Denial of Service DoS vulnerability. The issue arises because there is no restriction on the width and height...

Pixarra TwistedBrush Pro Studio 缓冲区错误漏洞

Pixarra TwistedBrush Pro Studio is a digital painting software developed by the American company Pixarra. Version 24.06 of Pixarra TwistedBrush Pro Studio has a buffer overflow vulnerability. This vulnerability arises from the excessive length of the buffer entered during the image size adjustmen...

Pixarra Selfie Studio 缓冲区错误漏洞

Pixarra Selfie Studio is a photo shooting and beautification tool developed by the American company Pixarra. Version 2.17 of Pixarra Selfie Studio has a buffer overflow vulnerability. This vulnerability arises from the excessive length of the buffer entered during the image size adjustment...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

ALSA-2026:2470 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

navidrome -- multiple vulnerabilities

An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. Authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL...

Important: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

MiracleLinux 8 : php:8.2 (AXSA:2026-124:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-124:01 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML...

AlmaLinux 9 : php:8.3 (ALSA-2026:1429)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1429 advisory. php: heap-based buffer overflow in arraymerge CVE-2025-14178 php: PHP: Information disclosure via getimagesize function when reading multi-chunk images...