CVE-2026-25794

ImageMagick (WriteUHDRImage in coders/uhdr.c) is affected by a signed 32-bit int overflow when computing the pixel buffer size for large dimensions, causing an undersized heap allocation and an out-of-bounds write. A patch is available in version 7.1.2-15 that fixes this issue. The CVE entry note...

PT-2026-21600

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 Description ImageMagick is software used for editing and manipulating digital images. The WriteUHDRImage function in coders/uhdr.c uses 32-bit integer arithmetic to calculate the pixel buffer size. When...

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the flow.empty function. An attacker can cause the application to crash or become unresponsive by supplying a negative or excessively large dimension value. Remediation There is no...

EUVD-2025-206481

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

Oneflow security vulnerabilities

OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability. This vulnerability stems from a dimension validation flaw in the flow.empty component, which may allow denial-of-service attacks through negative values or excessive...

Out-of-bounds Read

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

EUVD-2017-4661

Malware in sbrugna...

Medium: libvpx

Issue Overview: There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpximgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpximaget struct may be...

CVE-2025-57614

An issue was discovered in rust-ffmpeg 0.3.0 after comit 5ac0527 Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability occurs when dimension parameters are zero or exceed...

CVE-2025-57614

The CVE-2025-57614 entry concerns rust-ffmpeg 0.3.0 (post-commit 5ac0527). The flaw is an integer overflow/invalid input in the cached method triggered when dimension parameters are zero or exceed i32::MAX, causing an unchecked cast that violates the underlying C function preconditions and leads ...

SUSE CVE-2024-5171

Integer overflow in libaom internal function imgallochelper can lead to heap buffer overflow. This function can be reached via 3 callers: Calling aomimgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and so...

OESA-2024-1716 libvpx security update

libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications with the VP8 and VP9 video codecs, high quality, royalty free, open source codecs deployed on millions of computers and devices worldwide. Security Fixes: There exists interger overflows in libvpx in versions prior t...

UBUNTU-CVE-2024-5171

Integer overflow in libaom internal function imgallochelper can lead to heap buffer overflow. This function can be reached via 3 callers: Calling aomimgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and so...

DEBIAN-CVE-2024-5197

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpximgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpximaget struct may be invalid. Calling...

AZL-42963 CVE-2024-5197 affecting package libvpx 1.13.1-1

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpximgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpximaget struct may be invalid. Calling...

SUSE CVE-2007-5503

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the readpng function...

SUSE CVE-2016-4024

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation...

SUSE CVE-2016-9830

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service crash via large dimensions in a jpeg image...

SUSE CVE-2019-20788

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690...

GHSA-JQ6X-99HJ-Q636 Seg fault in `ndarray_tensor_bridge` due to zero and large inputs

Impact If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. E.g. the following raises an error: python np.ones0, 231, 231 An example of a proof of concept: python import numpy as np import tensorflow as tf inputval =...