49 matches found

Positive Technologies | added 2026/05/27 12:0 a.m. | 4 views

PT-2026-43711

An issue in fetch_jpg in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16_t variable; values above 65535 wrap around, causing allocation of a smaller buffer than the data actually...

AI score: 6.2 | EPSS: 0.00118 | Exploits: 1 | References: 3

NVD | added 2026/03/21 4:16 p.m. | 3 views

CVE-2019-25580

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the...

CVSS: 8.8 | EPSS: 0.00066 | Exploits: 1 | References: 4

Snyk | added 2025/12/16 3:30 p.m. | 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the ImageStreamImport mechanism that handles user-supplied image references without proper IP address and network-range validation. An attacker can access internal network resources, enumerate service...

CVSS: 8.5 | AI score: 5.7 | EPSS: 0.00016 | Exploits: 0 | References: 2

Vulnrichment | added 2025/12/16 12:14 p.m. | 2 views

CVE-2025-14443 Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00016 | Exploits: 0 | References: 3

Cvelist | added 2025/12/16 12:14 p.m. | 26 views

CVE-2025-14443 Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...

CVSS: 6.4 | EPSS: 0.00016 | Exploits: 0 | References: 3

Debian CVE | added 2025/11/12 10:26 a.m. | 4 views

CVE-2025-40165

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usagecount will never reach zero and the ISI channel...

AI score: 5.2 | EPSS: 0.00028 | Exploits: 0

Tenable Nessus | added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-35099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc. (CVE-2022-35099) Note that Nessus...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00082 | Exploits: 1 | References: 2

Tenable Nessus | added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-7868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Xpdf 4.05 and earlier, invalid header info in a DCT JPEG stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file cause...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.0024 | Exploits: 0 | References: 2

Tenable Nessus | added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2009-3609

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and...

CVSS: 4.3 | AI score: 6 | EPSS: 0.05999 | Exploits: 1 | References: 2

VulnCheck KEV | added 2023/12/04 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the /includes/mla-stream-image.php...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.92062 | Exploits: 6 | References: 1

SUSE CVE | added 2023/02/15 6:5 a.m. | 1 view

SUSE CVE-2009-0658

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by...

CVSS: 9.3 | AI score: 8.2 | EPSS: 0.92286 | Exploits: 7 | References: 6

SUSE CVE | added 2023/02/15 4:39 a.m. | 1 view

SUSE CVE-2017-14617

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files...

CVSS: 3.3 | AI score: 6.9 | EPSS: 0.00525 | Exploits: 0 | References: 6

SUSE CVE | added 2023/02/15 4:14 a.m. | 1 view

SUSE CVE-2019-9200

A heap-based buffer underwrite exists in ImageStream::getLine located at Stream.cc in Poppler 0.74.0 that can for example be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impa...

CVSS: 7.8 | AI score: 9.8 | EPSS: 0.03439 | Exploits: 1 | References: 5

SUSE CVE | added 2023/02/15 4:13 a.m. | 1 view

SUSE CVE-2019-10021

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps...

CVSS: 5.5 | AI score: 7.7 | EPSS: 0.00164 | Exploits: 1 | References: 3

OSV | added 2022/09/23 6:15 p.m. | 1 view

CVE-2022-35099

SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00082 | Exploits: 1 | References: 2

Snyk | added 2021/01/29 11:21 a.m. | 1 view

Command Injection

Overview: total.js is a framework for Node.js platform written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. It can be used as web, desktop, service or IoT application. Affected versions of this package are vulnerable to Command Injection. The issue occurs in the...

CVSS: 8.6 | AI score: 7 | EPSS: 0.01199 | Exploits: 1 | References: 3

RedHat Linux | added 2019/08/06 12:11 p.m. | 2 views

poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc

A heap-based buffer underwrite exists in ImageStream::getLine located at Stream.cc in Poppler 0.74.0 that can for example be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impa...

CVSS: 8.8 | AI score: 6 | EPSS: 0.03439 | Exploits: 1 | References: 4

OSV | added 2019/03/25 12:29 a.m. | 0 views

CVE-2019-10021

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00164 | Exploits: 1 | References: 2

OSV | added 2019/03/25 12:29 a.m. | 0 views

CVE-2019-10025

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00164 | Exploits: 1 | References: 1

OSV | added 2019/03/25 12:29 a.m. | 0 views

UBUNTU-CVE-2019-10025

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00164 | Exploits: 1 | References: 3