EUVD-2022-2250

Malicious code in bioql PyPI...

EUVD-2022-1564

Malicious code in bioql PyPI...

EUVD-2021-7202

Malicious code in bioql PyPI...

Exploit for Out-of-bounds Write in Apple Ipados

CVE-2025-43300: iOS/macOS DNG Image Processing Memory Corrupti...

Security update for jasper

This update for jasper fixes the following issues: CVE-2025-8835: missing range check in the JPEG-2000 JPC Encoder leads to assertion failure and crash when processing a malformed JPEG2000 image with an invalid cblkwidth parameter bsc1247904. CVE-2025-8836: out-of-bounds array indexing in functio...

Denial Of Service (DoS)

jspdf is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of unsanitized image data or URLs in the addImage method, which allows an attacker to supply a malicious PNG file that triggers high CPU utilization and denial of service...

Apple macOS Tahoe Memory Corruption Vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

CVE-2025-43287

The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory...

Security update for jasper

This update for jasper fixes the following issues: CVE-2025-8835: missing range check in the JPEG-2000 JPC Encoder leads to assertion failure and crash when processing a malformed JPEG2000 image with an invalid cblkwidth parameter bsc1247904. CVE-2025-8836: out-of-bounds array indexing in functio...

ruby-dragonfly

This repository is an offensive tool for Ruby. It is a highly customizable gem for handling images and other attachments, and is already in use on thousands of websites. The tool is designed to generate image thumbnails in Rails and to manage attachments in web applications. It provides a range o...

Linux Distros Unpatched Vulnerability : CVE-2025-6199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the GIF parser of GdkPixbuf's LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output...

Linux Distros Unpatched Vulnerability : CVE-2022-40755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jasimage.c. CVE-2022-40755 Note that Nessus relies o...

CVE-2025-9732

A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is...

Linux Distros Unpatched Vulnerability : CVE-2018-6799

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The AcquireCacheNexus function in magick/pixelcache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service heap overwrite or...

The Bug Report – August 2025 Edition

The Bug Report – August 2025 Edition By Jonathan Omakun, Tola Olawale · August 27, 2025 Why am I here? Welcome back to The Bug Report! Did you miss us? The Trellix Advanced Research Center has been playing a high-stakes game of whack-a-mole with this month's vulnerabilities. We've dug through all...

Linux Distros Unpatched Vulnerability : CVE-2022-21831

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A code injection vulnerability exists in the Active Storage = v5.2.0 that could allow an attacker to execute code via imageprocessing arguments. CVE-2022-21831...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Exploit for Out-of-bounds Write in Apple Ipados

CVE-2025-43300: iOS/macOS DNG Image Processing Memory Corrupti...

Linux Distros Unpatched Vulnerability : CVE-2005-0406

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of...

Linux Distros Unpatched Vulnerability : CVE-2011-3170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The gifreadlzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote...