Astra Linux - уязвимость в hdf5

There is an out-of-bounds read vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...

PT-2026-41299

Name of the Vulnerable Software and Affected Versions Imager versions prior to 1.031 Description Imager for Perl allows a heap out of bounds OOB write—a memory corruption where data is written outside the boundaries of an allocated heap buffer—when processing crafted multi-frame GIF files. The i...

Imager 缓冲区错误漏洞

Imager is an image processing program developed by Tony Cook personally. Versions of Imager 1.030 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the ireadgifmultilow function in Imager::File::GIF, which allocates a single buffer for each line of data. The size...

[SECURITY] Fedora 43 Update: SDL3_image-3.4.4-1.fc43

Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This is a simple library to load images of various formats as SDL surfaces. It can load BMP, GIF, JPEG, LBM, PCX, PNG, PNM PPM/PGM/PBM, QOI, TGA, XCF,...

[SECURITY] Fedora 44 Update: usd-26.03-3.fc44

Universal Scene Description USD is a time-sampled scene description for interchange between graphics applications...

giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension

A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension GCE block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of...

SUSE CVE-2026-6384

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsImage function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution...

CVE-2026-6384

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsImage function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution...

EUVD-2026-22740

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

[SECURITY] Fedora 42 Update: libcgif-0.5.3-1.fc42

A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors limit of the GIF format - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the stbigifloadnext function. An attacker can cause the application to become unavailable by enticing a user to open a specially crafted GIF image. This is only exploitable if a user interacts...

GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

[SECURITY] Fedora 43 Update: rubygem-json-2.13.2-2.fc43

This is a implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language...

CVE-2026-32240

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...

CVE-2026-32239

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

CVE-2026-24896

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...

EUVD-2026-8584

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...

CVE-2026-24896 OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...