53 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-33633
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write ...
CVE-2026-33633
A flaw was found in Kitty, a cross-platform GPU based terminal. A remote attacker, by sending a specially crafted APC graphics protocol command with a large PNG payload to the terminal's standard input stdin, could trigger a heap buffer overflow in the loadimagedata function. This vulnerability...
CVE-2026-33633
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...
UBUNTU-CVE-2026-33633
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...
CVE-2026-33633
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...
CVE-2026-33633 Kitty has a Heap Buffer Overflow in its Graphics Protocol Handler
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...
CVE-2026-33633
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...
EUVD-2026-30964
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...
CVE-2026-33633
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...
KiTTY 安全漏洞
KiTTY is a lightweight telnet and Windows SSH client. Kitty versions 0.46.2 and earlier have a security vulnerability caused by a heap buffer overflow in loadimagedata. This vulnerability allows processes that write to the terminal stdin to trigger a crash through the APC graphical protocol...
PT-2026-41985
Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description A heap buffer overflow exists in the load image data function. This occurs when a process writes to the terminal's stdin using a single APC graphics protocol command with a PNG format declaration f=10...
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving large language models LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 CVSS score: 7.5, relate...
CVE-2026-33626
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the loadimage and encodeimagebase64 functions in LMDeploy's vision-language module, which fetch URLs without validating whether the destination is an internal or private address. An attacker can acce...
CVE-2026-33626
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...
CVE-2026-33626 LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...
CVE-2026-33626 LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...
PT-2026-33847
Name of the Vulnerable Software and Affected Versions LMDeploy versions prior to 0.12.3 Description A Server-Side Request Forgery SSRF issue exists in the vision-language module of LMDeploy, a toolkit for compressing, deploying, and serving large language models. The load image and encode image...
CVE-2026-33023
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists in loadwithgdkpixbuf in loader.c. The cleanup path manually frees the sixelframet object and its interna...
UBUNTU-CVE-2026-3308
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...