Lucene search
K

1073 matches found

Cvelist
Cvelist
added last week39 views

CVE-2026-14454 Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

0.00394EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/07/07 3:13 p.m.14 views

SUSE CVE-2026-54059

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...

7.5CVSS6AI score0.00354EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per- glyph images into a combined bitmap with Image.new1, xsize,...

7.5CVSS6.1AI score0.00361EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/07/06 6:50 p.m.6 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1
Cvelist
Cvelist
added 2026/07/06 6:46 p.m.33 views

CVE-2026-54059 Pillow: PcfFontFile._load_bitmaps()`: `Image.frombytes()` called without `_decompression_bomb_check()` — bomb protection bypass via PCF font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...

7.5CVSS0.00354EPSS
Exploits1References3
Fedora
Fedora
added 2026/07/06 2:55 p.m.9 views

[SECURITY] Fedora 44 Update: hplip-3.26.4-7.fc44

The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals...

9.8CVSS6AI score0.01333EPSS
Exploits0
OSV
OSV
added 2026/07/03 8:16 a.m.4 views

UBUNTU-CVE-2026-14544

A flaw was found in HPLIP HP Linux Imaging and Printing Software. This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling...

9.8CVSS6.3AI score0.00511EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 7:26 a.m.6 views

EUVD-2026-41515

A flaw was found in HPLIP HP Linux Imaging and Printing Software. This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling...

9.8CVSS6.3AI score0.01333EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/03 7:26 a.m.7 views

CVE-2026-14544

A flaw was found in HPLIP HP Linux Imaging and Printing Software. This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling...

9.8CVSS6.3AI score0.00511EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55503

Name of the Vulnerable Software and Affected Versions HPLIP affected versions not specified Description An integer overflow exists in the hpcups processing path when handling specially crafted print data. This flaw may allow a remote attacker to escalate privileges or achieve arbitrary code...

9.8CVSS6.3AI score0.00511EPSS
Exploits0References16
Snyk
Snyk
added 2026/07/01 9:19 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54908

Name of the Vulnerable Software and Affected Versions PACSgear PACS Scan version 5.2.1 Description An unauthenticated remote code execution issue exists due to an exposed .NET Remoting TCP service on port 22222 used by PGImageExchQueue.exe. The flaw stems from insecure remoting endpoints and...

9.8CVSS6.5AI score0.00963EPSS
Exploits1References6
OSV
OSV
added 2026/06/26 2:2 p.m.8 views

JLSEC-2026-633 vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS6AI score0.0032EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39582

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS6.1AI score0.0032EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 8:46 p.m.6 views

EUVD-2026-39562

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS6AI score0.00434EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 8:38 p.m.7 views

EUVD-2026-39561

Two data sources DICOMWebProxy and DICOMJSON shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the...

8.3CVSS6AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52621

Name of the Vulnerable Software and Affected Versions vtk vtk-dicom affected versions not specified Description A heap-based buffer overflow occurs in the vtkDICOMItem::NewDataElement function. A heap-based buffer overflow is a memory corruption issue that happens when a program writes more data ...

8.1CVSS6AI score0.0032EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52583

Name of the Vulnerable Software and Affected Versions qrscp affected versions not specified Description The C-STORE handler in the qrscp application fails to sanitize specific instances within attacker-supplied DICOM Digital Imaging and Communications in Medicine datasets. These unsanitized value...

9.1CVSS5.9AI score0.00434EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/22 10:9 p.m.27 views

CVE-2026-54236 vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...

5.3CVSS0.00796EPSS
Exploits1References3
NVD
NVD
added 2026/06/17 10:53 a.m.10 views

CVE-2026-46780

Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebCenter Content:...

8.8CVSS0.00402EPSS
Exploits0References1
Rows per page
Query Builder