9 matches found
Axis Communications AXIS OS Improper Validation of Specified Type of Input (CVE-2024-47261)
A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device. Axis has released patched AXIS OS...
CVE-2026-32882
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay in libheif/pixelimage.cc. When compositing an overlay image iovl whose child image has a different bit depth for the alpha channel than for the color...
SUSE-SU-2026:0087-1 Security update for libheif
This update for libheif fixes the following issues: - CVE-2025-68431: Fixed heap buffer over-read in HeifPixelImage::overlay via crafted HEIF that exercises the overlay image item bsc1255735...
CVE-2025-68431
libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in HeifPixelImage::overlay. The function computes a negative row length likely from an unclipped overlay rectangle or...
DEBIAN-CVE-2024-41311
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write...
PT-2024-7935 · Libheif +6 · Libheif +6
Name of the Vulnerable Software and Affected Versions: Libheif version 1.17.6 Description: The issue is related to the ImageOverlay::parse function in the libheif decoder and encoder for video and photo file formats. It involves an out-of-bounds read and write due to insufficient checks when...
WordPress Overlay Image Divi Module Plugin < 1.5 is vulnerable to Cross Site Scripting (XSS)
Software Overlay Image Divi Module Type Plugin Vulnerable versions 1.5 Fixed in 1.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3d904935a6e0 Credits Rafie Muhammad Patchstack...
WordPress Overlay Image Divi Module plugin <= 1.3.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Overlay Image Divi Module plugin versions = 1.3.1. Solution Update the WordPress Overlay Image Divi Module plugin to the latest available version at least 1.3.2...
Calibre E-Book Reader - Race Condition Privilege Escalation
!/bin/sh .70-Calibrer Assault Mount by Dan Rosenberg @djrbliss and zx2c4 Yesterday we learned how Calibre's ability to mount anything anywhere resulted in a local root. Today's exploit shows a race condition to subvert recent changes preventing symlinks and checking path prefixes. - djrbliss &...