Lucene search
+L

1151 matches found

Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-58072

Name of the Vulnerable Software and Affected Versions Pillow versions 8.2.0 through 12.2.0 Description In the src/libImaging/Jpeg2KDecode.c file, the library accumulates total component width across every tile in a JPEG2000 image instead of recomputing it per tile. This behavior allows a speciall...

8.7CVSS6.1AI score0.00398EPSS
Exploits1References27
OSV
OSV
added 2026/07/02 2:13 p.m.5 views

PYSEC-2026-705 Out-of-bounds Write in OpenCV.

In OpenCV 3.3.1 corresponding with OpenCV-Python 3.3.1.11, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmtjpeg2000.cpp when parsing a crafted image file...

5.5CVSS6.2AI score0.01507EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/07/01 10:9 p.m.9 views

CVE-2026-55597

A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. An incorrect handling of arguments in the JP2 encoder can lead to a heap buffer overwrite. This vulnerability could allow an attacker to cause a denial of service DoS by providing a...

5.5CVSS5.8AI score0.00103EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/01 9:19 p.m.6 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.9 views

CVE-2026-30040

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 JP2 file...

6.5CVSS0.00465EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.37 views

CVE-2026-30040

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 JP2 file...

0.00465EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 12:0 a.m.17 views

CVE-2026-30040

CVE-2026-30040 is a heap overflow in the JP2 parser within FSViewer.exe of FastStone Image Viewer v8.3 that can allow arbitrary code execution in the current process when processing crafted JPEG 2000 files. The issue can be triggered during automatic directory enumeration (e.g., during thumbnail ...

6.5CVSS6.2AI score0.00465EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 9:16 p.m.15 views

CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

8.3CVSS0.00263EPSS
Exploits1References5
OSV
OSV
added 2026/06/18 9:16 p.m.4 views

UBUNTU-CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

8.3CVSS5.9AI score0.00263EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/18 8:31 p.m.3 views

CVE-2026-45696 OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

8.3CVSS5.9AI score0.00263EPSS
Exploits1References2
OSV
OSV
added 2026/06/18 8:31 p.m.1 views

CVE-2026-45696 OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

8.3CVSS6.1AI score0.00263EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 1:17 p.m.9 views

Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP9, v8.5.8 BP2 vulnerabilities CVE-2025-54874 (vulnerable), CVE-2025-59375 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP9, v8.5.8 BP2 January, 2026 vulnerabilities CVE-2025-54874 vulnerable, CVE-2025-59375 vulnerable in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing Vulnerability Details CVEID:CVE-2025-54874 DESCRIPTION: OpenJPEG is an...

9.8CVSS6.6AI score0.01279EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/15 1:49 a.m.13 views

gimp: GIMP: Remote Code Execution via malicious JP2 file parsing

A flaw was found in GIMP. A remote attacker could exploit this by tricking a user into opening a specially crafted JP2 JPEG 2000 file. This flaw is due to a heap-based buffer overflow during JP2 file parsing, which allows for arbitrary code execution. Successful exploitation enables the attacker ...

7.8CVSS8AI score0.00744EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/10 9:45 p.m.38 views

CVE-2026-46559 ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...

4CVSS0.00116EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained security vulnerabilities. These vulnerabilities were caused by errors in...

4CVSS5.5AI score0.00116EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:17 p.m.17 views

CVE-2025-71319

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.0064EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/06/09 7:57 p.m.56 views

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.0064EPSS
Exploits1References3
OSV
OSV
added 2026/05/26 7:31 p.m.17 views

JLSEC-2026-546

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420torgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg...

7.8CVSS7.3AI score0.01536EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.14 views

PT-2026-47112

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj jp2 read header may lead to OOB heap memory write when the data stream p stream is too short and p image is not initialized...

7.5CVSS5.5AI score
Exploits0References4
Rows per page
Query Builder