44 matches found
JLSEC-2026-283
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library...
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
PT-2025-51783
Name of the Vulnerable Software and Affected Versions Shotcut version 25.10.31 Description Shotcut 25.10.31 is subject to a buffer overflow issue. This occurs when processing MLT project files containing manipulated width and height parameters. Specifically, providing extremely large values for...
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
EUVD-2025-35056
Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...
CVE-2025-11679
Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...
UBUNTU-CVE-2025-11679
Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...
CVE-2025-11679
Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...
CVE-2025-11679
CVE-2025-11679 affects warmcat libwebsockets where an out-of-bounds read in lws_upng_emit_next_line can occur if LWS_WITH_UPNG is enabled and the HTML display stack is used, potentially crashing a heap-allocated buffer when a crafted PNG with large height is viewed. Public sources (Fedora, Debian...
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
SUSE CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
AZL-67794 CVE-2025-9900 affecting package libtiff for versions less than 4.6.0-9
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
DEBIAN-CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
Write-what-where Condition
Overview Affected versions of this package are vulnerable to Write-what-where Condition in the TIFFReadRGBAImageOriented function while processing paletted images with malformed metadata. TIFF file. An attacker can achieve arbitrary memory write by convincing a user to open a specially crafted TI...
PT-2025-39179
Name of the Vulnerable Software and Affected Versions LibTIFF versions prior to 4.7.0 LibTIFF version 4.7.0 Description A flaw exists in LibTIFF that results in a "write-what-where" condition. This issue is triggered when the library processes a specially crafted TIFF image file. An attacker can...
SUSE CVE-2007-2949
Integer overflow in the seektoandunpackpixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large 1 width or 2 height value...
SUSE CVE-2008-5286
Integer overflow in the cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow...