LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving large language models LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 CVSS score: 7.5, relate...

CVE-2026-33626

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...

UBUNTU-CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

Integer overflow

Multiple integer overflows in the loadimage function in file-pcx.c in the Personal Computer Exchange PCX plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based...

Gimp: Integer overflow in the PCX image file plug-in

Multiple integer overflows in the loadimage function in file-pcx.c in the Personal Computer Exchange PCX plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based...