2178 matches found

GithubExploit
added 2026/01/14 10:22 a.m. | 169 views

Exploit for CVE-2025-67303

ComfyUI Custom Node - AI Enhancement This is a custom node fo...

7.5 CVSS | 6.9 AI score | 0.00882 EPSS
Exploits: 3

Github Security Blog
added 2026/01/13 6:44 p.m. | 6 views

vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions

Summary Users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. Details T...

7.5 CVSS | 6.8 AI score | 0.00024 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/01/13 10:13 a.m. | 2 views

CVE-2025-15514

A flaw was found in Ollama's multi-modal model image processing functionality. A remote attacker can exploit this by sending specially crafted base64-encoded image data to the /api/chat endpoint. This malformed input can lead to a null pointer dereference, causing a segmentation fault and crashin...

8.7 CVSS | 6 AI score | 0.0014 EPSS
Exploits: 1 | References: 6

OSV
added 2026/01/12 11:15 p.m. | 2 views

CVE-2025-15514

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 4

NVD
added 2026/01/12 11:15 p.m. | 2 views

CVE-2025-15514

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid...

8.7 CVSS | 0.0014 EPSS
Exploits: 1 | References: 4

AlpineLinux
added 2026/01/12 11:3 p.m. | 2 views

CVE-2025-15514

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid...

8.7 CVSS | 7 AI score | 0.0014 EPSS
Exploits: 1 | References: 4

CVE
added 2026/01/12 11:3 p.m. | 12 views

CVE-2025-15514

CVE-2025-15514 affects Ollama 0.11.5-rc0 through 0.13.5, with a null pointer dereference in multi‑modal image processing. Malformed base64 image data passed to /api/chat can cause mtmd_helper_bitmap_init_from_buf to return NULL and be dereferenced, triggering a segmentation fault and DoS. Mitigat...

8.7 CVSS | 6.6 AI score | 0.0014 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/01/12 11:3 p.m. | 3 views

CVE-2025-15514 Ollama Multi-Modal Model Image Processing NULL Pointer Dereference

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid...

8.7 CVSS | 6.6 AI score | 0.0014 EPSS
Exploits: 1 | References: 4

CNNVD
added 2026/01/12 12:0 a.m. | 2 views

Ollama security vulnerability

Ollama is an open source large language model by Ollama that can be started and run locally. A security vulnerability exists in Ollama versions 0.11.5-rc0 through 0.13.5, which stems from a null pointer dereference in the image processing function of the multimodal model, which...

8.7 CVSS | 5.8 AI score | 0.0014 EPSS
Exploits: 1 | References: 4

CNNVD
added 2026/01/10 12:0 a.m. | 2 views

OpenProject information disclosure vulnerability

OpenProject is an open source, web-based project management software by OpenProject. OpenProject versions before 16.6.4 have an information disclosure vulnerability that stems from a local file read vulnerability in the work package PDF export function; an attacker can upload a...

9.1 CVSS | 6.2 AI score | 0.0002 EPSS
Exploits: 0 | References: 2

OSV
added 2026/01/09 2:5 p.m. | 0 views

OESA-2026-1004 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

7.8 CVSS | 7 AI score | 0.00032 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 12:29 p.m. | 3 views

CVE-2023-40416

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory...

6.5 CVSS | 6.1 AI score | 0.00285 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:53 a.m. | 8 views

CVE-2009-4776

Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors relate...

10 CVSS | 7.1 AI score | 0.01341 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:19 a.m. | 9 views

CVE-2021-22335

There is a Memory Buffer Improper Operation Limit vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause exceptions in image processing...

7.8 CVSS | 6.9 AI score | 0.00027 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:8 a.m. | 4 views

CVE-2019-20023

A memory leak was discovered in imagebufferresize in fromsixel.c in libsixel 1.8.4...

6.5 CVSS | 6.8 AI score | 0.00438 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:29 a.m. | 2 views

CVE-2023-50262

Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or...

7.5 CVSS | 6.7 AI score | 0.06147 EPSS
Exploits: 1 | References: 1

OSV
added 2026/01/08 1:22 p.m. | 4 views

SUSE-SU-2026:0073-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2025-68618: read a malicious SVG file may result in a DoS attack bsc1255821. - CVE-2025-68950: check for circular references in mvg files may lead to stack overflow bsc1255822. - CVE-2025-69204: an integer overflow can lead to a DoS...

7.5 CVSS | 6.9 AI score | 0.0009 EPSS
Exploits: 2 | References: 7

OSV
added 2026/01/07 9:31 p.m. | 2 views

GHSA-QJM3-CVP9-3JJ3 Bio-Formats performs unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing

Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity...

6.8 CVSS | 8 AI score | 0.00192 EPSS
Exploits: 1 | References: 5

Github Security Blog
added 2026/01/07 9:31 p.m. | 4 views

Bio-Formats performs unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing

Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity...

7.8 CVSS | 8.1 AI score | 0.00192 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/01/07 9:16 p.m. | 0 views

CVE-2026-22187

Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity...

7.8 CVSS | 6.3 AI score
Exploits: 0 | References: 3