
54409 matches found

OSV
added 2026/03/01 12:0 a.m. | 6 views

ASB-A-443123065

In pkvmhostshareguest of memprotect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.4 | AI score 6.1 | EPSS 0.00152
Exploits: 0 | References: 4

OSV
added 2026/02/28 12:47 p.m. | 7 views

OESA-2026-1474 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

CVSS 10 | AI score 6.2 | EPSS 0.00604
Exploits: 0 | References: 38

OSV
added 2026/02/28 12:46 p.m. | 6 views

OESA-2026-1472 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

CVSS 10 | AI score 6.2 | EPSS 0.00604
Exploits: 0 | References: 38

NVD
added 2026/02/27 8:21 p.m. | 8 views

CVE-2026-28231

pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of _pillow_heif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...

CVSS 9.1 | EPSS 0.00632
Exploits: 1 | References: 3

OSV
added 2026/02/27 8:13 p.m. | 4 views

CVE-2026-28231 pillow_heif Has Integer Overflow in Encode Path Buffer Validation that Leads to Heap Out-of-Bounds Read

pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of _pillow_heif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...

CVSS 6.9 | AI score 6.1 | EPSS 0.00632
Exploits: 1 | References: 5

Cvelist
added 2026/02/27 8:13 p.m. | 20 views

CVE-2026-28231 pillow_heif Has Integer Overflow in Encode Path Buffer Validation that Leads to Heap Out-of-Bounds Read

pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of _pillow_heif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...

CVSS 6.9 | EPSS 0.00632
Exploits: 1 | References: 3

ATTACKERKB
added 2026/02/27 8:13 p.m. | 3 views

CVE-2026-28231

pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of _pillow_heif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...

CVSS 9.1 | AI score 6.1 | EPSS 0.00632
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/27 8:13 p.m. | 3 views

CVE-2026-28231 pillow_heif Has Integer Overflow in Encode Path Buffer Validation that Leads to Heap Out-of-Bounds Read

pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of _pillow_heif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...

CVSS 6.9 | AI score 6.1 | EPSS 0.00632
Exploits: 1 | References: 3

CVE
added 2026/02/27 8:13 p.m. | 21 views

CVE-2026-28231

CVE-2026-28231 affects pillow_heif prior to 1.3.0. An integer overflow in the encode path buffer validation of _pillow_heif.c allows bypassing bounds checks when large image dimensions are provided, causing a heap out-of-bounds read. Reported consequences include information disclosure (server hea...

CVSS 9.1 | AI score 6.1 | EPSS 0.00632
Exploits: 1 | References: 3 | Affected Software: 1

Snyk
added 2026/02/27 6:15 a.m. | 2 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the vips_extract_area_build function in the extract.c file. An attacker can cause a denial of service by providing specially crafted arguments to trigger an integer overflow. Remediation: A fix was pushed...

CVSS 5.5 | AI score 5.9 | EPSS 0.00214
Exploits: 2 | References: 2

EUVD
added 2026/02/27 3:30 a.m. | 10 views

EUVD-2026-8991

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...

CVSS 4.8 | AI score 4.6 | EPSS 0.00214
Exploits: 2 | References: 9

OSV
added 2026/02/27 3:16 a.m. | 5 views

CVE-2026-3284

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...

CVSS 5.5 | AI score 5.7
Exploits: 0 | References: 8

NVD
added 2026/02/27 3:16 a.m. | 8 views

CVE-2026-3284

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...

CVSS 5.5 | EPSS 0.00214
Exploits: 2 | References: 8

OSV
added 2026/02/27 3:16 a.m. | 7 views

DEBIAN-CVE-2026-3284

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...

CVSS 5.5 | AI score 4.3 | EPSS 0.00214
Exploits: 2 | References: 1

OSV
added 2026/02/27 3:16 a.m. | 9 views

UBUNTU-CVE-2026-3284

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...

CVSS 5.5 | AI score 5.6 | EPSS 0.00214
Exploits: 2 | References: 10

ATTACKERKB
added 2026/02/27 3:2 a.m. | 4 views

CVE-2026-3284

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...

CVSS 5.5 | AI score 5.5 | EPSS 0.00214
Exploits: 2 | References: 8

Vulnrichment
added 2026/02/27 3:2 a.m. | 4 views

CVE-2026-3284 libvips extract.c vips_extract_area_build integer overflow

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...

CVSS 4.8 | AI score 5.8 | EPSS 0.00214
Exploits: 2 | References: 8

CVE
added 2026/02/27 3:2 a.m. | 17 views

CVE-2026-3284

The CVE concerns libvips 8.19.0 where the function vips_extract_area_build in libvips/conversion/extract.c is vulnerable to an integer overflow when manipulating the extract_area argument. This vulnerability can be triggered via a local attack, and public exploits have been reported. A patch is i...

CVSS 5.5 | AI score 4.8 | EPSS 0.00214
Exploits: 2 | References: 8 | Affected Software: 1

Cvelist
added 2026/02/27 3:2 a.m. | 25 views

CVE-2026-3284 libvips extract.c vips_extract_area_build integer overflow

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...

CVSS 4.8 | EPSS 0.00214
Exploits: 2 | References: 8

Debian CVE
added 2026/02/27 3:2 a.m. | 7 views

CVE-2026-3284

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...

CVSS 5.5 | AI score 4.3 | EPSS 0.00214
Exploits: 2