
103 matches found

CVE
added 2026/06/10 9:58 p.m., 35 views

CVE-2026-48994

CVE-2026-48994 affects ImageMagick MAT decoder on 32-bit systems due to a missing check of a return value, leading to a heap buffer over-write. Affected versions prior to patch: 6.9.13-48 and 7.1.2-24; patches are available in those versions. CVSSv3.1 base score: 5.9 (Network, high complexity, no...

5.9 CVSS, 5.6 AI score, 0.00227 EPSS
Exploits 0, References 1, Affected Software 1
Github Security Blog
added 2026/05/22 1:10 p.m., 16 views

ImageMagick: Heap Buffer Over-Write in distributed pixel cache server

An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process...

4.1 CVSS, 5.9 AI score, 0.00092 EPSS
Exploits 0, References 2, Affected Software 17
Github Security Blog
added 2026/05/21 9:42 p.m., 12 views

ImageMagick: Heap Buffer Over-Write in json and yaml encoder of a single byte due to incorrect fix

An incorrect fix that was applied in GHSA-5592-p365-24xh could result in a heap buffer over-write of a single byte...

5.9 AI score
Exploits 0, References 3, Affected Software 17
Github Security Blog
added 2026/05/18 8:37 p.m., 16 views

ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.

An incorrect check in the JP2 will result in a heap buffer over-write of a single byte when specifying certain options...

4 CVSS, 5.9 AI score, 0.00116 EPSS
Exploits 0, References 3, Affected Software 18
OSV
added 2026/03/20 5:28 p.m., 4 views

CLSA-2026-1774027715 Fix CVE(s): CVE-2026-30883

SECURITY UPDATE: heap over-write in PNG raw profile writer - debian/patches/CVE-2026-30883.patch: add overflow check for allocated_length in Magick_png_write_raw_profile to prevent integer overflow leading to heap over-write - CVE-2026-30883...

7.8 CVSS, 7.3 AI score, 0.00123 EPSS
Exploits 0, References 1
Snyk
added 2026/03/10 9:05 p.m., 8 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in Magick_png_write_raw_profile in the PNG encoder. An attacker can cause a heap buffer over-write and disrupt application availability or alter program behavior by supplying an image with an extremely large profile...

8.6 CVSS, 5.9 AI score, 0.00123 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-19066

Malware in sbrugna...

5.5 CVSS, 6.4 AI score, 0.01031 EPSS
Exploits 0, References 9
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-5382

Malware in sbrugna...

10 CVSS, 9.4 AI score, 0.00907 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-24934

Malware in sbrugna...

9.8 CVSS, 9.2 AI score, 0.00892 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/05/22 3:33 p.m., 13 views

CVE-2020-3663

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

9.8 CVSS, 7.2 AI score, 0.00892 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 8:07 a.m., 9 views

CVE-2019-14132

Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory corruption in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150...

10 CVSS, 7.6 AI score, 0.00907 EPSS
Exploits 0, References 1
Tenable Nessus
added 2024/06/03 12:00 a.m., 31 views

RHEL 5 : rpm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - file: Buffer over-write in finfo_open with malformed magic file CVE-2015-8865 - rpm: Following symlinks to...

7.8 CVSS, 8.3 AI score, 0.05489 EPSS
Exploits 2, References 7
Tenable Nessus
added 2024/06/03 12:00 a.m., 25 views

RHEL 7 : rpm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - file: Buffer over-write in finfo_open with malformed magic file CVE-2015-8865 - rpm: Following symlinks to...

7.8 CVSS, 8.2 AI score, 0.04985 EPSS
Exploits 1, References 4
Tenable Nessus
added 2024/06/03 12:00 a.m., 25 views

RHEL 6 : rpm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - file: Buffer over-write in finfo_open with malformed magic file CVE-2015-8865 - rpm: Following symlinks to...

7.8 CVSS, 8.1 AI score, 0.04985 EPSS
Exploits 1, References 3
Tenable Nessus
added 2024/05/11 12:00 a.m., 30 views

RHEL 7 : imagemagick,_graphicsmagick (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ImageMagick, GraphicsMagick: Heap based buffer over-write in DescribeImage function of the...

8 AI score, 0.14512 EPSS
Exploits 5, References 4
Tenable Nessus
added 2024/05/11 12:00 a.m., 28 views

RHEL 6 : imagemagick,_graphicsmagick (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ImageMagick, GraphicsMagick: Heap based buffer over-write in DescribeImage function of the...

8 AI score, 0.14512 EPSS
Exploits 5, References 4
NVD
added 2023/09/27 3:19 p.m., 13 views

CVE-2023-44123

The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Bluetooth "com.lge.bluetoothsetting" app. The attacker's app, if it had access to app notifications, could intercept...

7.8 CVSS, 6.6 AI score, 0.00125 EPSS
Exploits 0, References 1
Cvelist
added 2023/09/27 1:59 p.m., 18 views

CVE-2023-44125 Personalized service - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking

The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Personalized service "com.lge.abba" app. The attacker's app, if it had access to app notifications, could...

6.1 CVSS, 7.8 AI score, 0.00125 EPSS
Exploits 0, References 1
Prion
added 2023/07/11 3:15 a.m., 20 views

Directory traversal

An attacker with non-administrative authorizations in SAP NetWeaver BI CONT ADD ON - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system...

5.5 CVSS, 7.8 AI score, 0.00807 EPSS
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2023/07/11 2:28 a.m., 11 views

CVE-2023-33989 Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)

An attacker with non-administrative authorizations in SAP NetWeaver BI CONT ADD ON - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system...

8.7 CVSS, 6.7 AI score, 0.00807 EPSS
Exploits 0, References 2