Lucene search

14 matches found

Debian CVE
added 2026/05/06 11:27 a.m. · 1 view

CVE-2026-43179

In the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits for invalid metabox-enabled images Crafted EROFS images with metadata compression enabled can trigger incorrect early returns, leading to folio reference leaks. However, this does not cause system...

5.5 CVSS · 5.7 AI score · 0.00013 EPSS
Exploits 0

Cvelist
added 2026/05/06 11:27 a.m. · 19 views

CVE-2026-43179 erofs: fix incorrect early exits for invalid metabox-enabled images

In the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits for invalid metabox-enabled images Crafted EROFS images with metadata compression enabled can trigger incorrect early returns, leading to folio reference leaks. However, this does not cause system...

0.00013 EPSS
Exploits 0 · References 3

OSV
added 2026/02/02 9:9 p.m. · 2 views

CVE-2026-22778 vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8 CVSS · 6.1 AI score · 0.00102 EPSS
Exploits 0 · References 6

CNNVD
added 2026/02/02 12:0 a.m. · 3 views

vLLM Log Information Disclosure Vulnerability

vLLM is an open-source solution designed for LLM-based systems, featuring high throughput and memory-efficient reasoning and service engines. Versions of vLLM from 0.8.3 to 0.14.1 contained a vulnerability related to log information leakage. This vulnerability occurred due to the exposure of heap...

9.8 CVSS · 7.1 AI score · 0.00102 EPSS
Exploits 0 · References 4

OSV
added 2022/02/04 11:15 p.m. · 0 views

PYSEC-2022-149

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling...

6.5 CVSS · 6.8 AI score · 0.00656 EPSS
Exploits 1 · References 3

PyPA
added 2022/02/04 11:15 p.m. · 4 views

PYSEC-2022-94

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., , the decode value contains allocated buffers which can only be freed by calling png::CommonFreeDecode. However,...

6.5 CVSS · 7 AI score · 0.00656 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2022/02/04 12:0 a.m. · 2 views

PT-2022-16102 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow version 2.7.1 TensorFlow version 2.6.3 TensorFlow version 2.5.3 Description: When decoding PNG images, TensorFlow can produce a memory leak if the image is invalid. After calling...

6.5 CVSS · 6.3 AI score · 0.00656 EPSS
Exploits 1 · References 12

NVD
added 2021/11/01 1:15 p.m. · 12 views

CVE-2021-22563

Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with...

4.5 CVSS · 0.00045 EPSS
Exploits 1 · References 2

OSV
added 2019/10/04 10:15 p.m. · 0 views

DEBIAN-CVE-2019-16865

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image...

7.5 CVSS · 6.2 AI score · 0.03942 EPSS
Exploits 0 · References 1

PyPA
added 2019/10/04 10:15 p.m. · 4 views

PYSEC-2019-110

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image...

7.5 CVSS · 7 AI score · 0.03942 EPSS
Exploits 0 · References 12 · Affected Software 1

OSV
added 2019/10/04 10:15 p.m. · 1 view

UBUNTU-CVE-2019-16865

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image...

7.5 CVSS · 6.7 AI score · 0.03942 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2016/02/10 12:0 a.m. · 34 views

SUSE SLED11 / SLES11 Security Update : tiff (SUSE-SU-2016:0353-1)

This update for tiff fixes the following issues : - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images bsc964225 - CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools bsc960341 Note that Tenable Network Security has extracted the preceding...

9.8 CVSS · 7.1 AI score · 0.01587 EPSS
Exploits 1 · References 11

seebug.org
added 2014/07/01 12:0 a.m. · 18 views

Python 2.2 ImageOP Module Multiple Integer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/25696/info Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations do not overflow. To successfully...

7.1 AI score
Exploits 0

OSV
added 2009/11/20 6:30 p.m. · 1 view

ALPINE-CVE-2009-3895

Heap-based buffer overflow in the exifentryfix function aka the tag fixup routine in libexif/exif-entry.c in libexif 0.6.18 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid EXIF image. NOTE: some of these details are obtained from third party...

6.8 CVSS · 8.4 AI score · 0.05239 EPSS
Exploits 0 · References 1