Lucene search

40 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

The texture upload of a Pixel Buffer Object could have caused WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR 78.9, Firefox 87, and Thunderbird 78.9...

CVSS 8.1, AI score 7.7, EPSS 0.01135
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/14 9:57 p.m., 2 views

CVE-2026-33021

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a use-after-free vulnerability in sixel_encoder_encode_bytes because sixel_frame_init stores the caller-owned pixel buffer pointer directly in frame->pixels without making a defensive copy...

CVSS 7.3, AI score 6, EPSS 0.00247
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2026/04/14 9:57 p.m., 8 views

CVE-2026-33021

CVE-2026-33021 (libsixel) is a use-after-free in sixel_encoder_encode_bytes() affecting libsixel 1.8.7 and earlier. The bug arises because sixel_frame_init() stores a caller-owned pixel buffer pointer directly in frame->pixels without copying. On a subsequent resize, sixel_frame_convert_to_rgb...

CVSS 7.3, AI score 6, EPSS 0.00247
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2026/03/13 2:44 p.m., 3 views

CLSA-2026-1773413074 Fix CVE(s): CVE-2026-24481

SECURITY UPDATE: heap information disclosure in PSD channel decoder - debian/patches/CVE-2026-24481.patch: initialize pixel buffer with zeros in ReadPSDChannelZip to prevent heap memory disclosure - CVE-2026-24481...

CVSS 7.5, AI score 5.9, EPSS 0.00348
Exploits: 0, References: 1
OSV
added 2026/03/13 2:32 p.m., 3 views

CLSA-2026-1773412353 Fix CVE(s): CVE-2026-24481

SECURITY UPDATE: heap information disclosure in PSD channel decoder - debian/patches/CVE-2026-24481.patch: initialize pixel buffer with zeros in ReadPSDChannelZip to prevent heap memory leak - CVE-2026-24481...

CVSS 7.5, AI score 7.3, EPSS 0.00348
Exploits: 0, References: 1
OSV
added 2026/03/04 3:39 p.m., 8 views

CLSA-2026-1772638779 cups-filters: Fix of CVE-2025-57812

CVE-2025-57812: fix out-of-bounds read/write when processing crafted TIFF images; validate bytes-per-pixel and use correct pixel buffer size, preventing memory access outside the buffer...

CVSS 3.7, AI score 5.9, EPSS 0.00412
Exploits: 1, References: 1
OSV
added 2026/03/02 3:8 p.m., 3 views

CLSA-2026-1772464109 Fix CVE(s): CVE-2026-25897, CVE-2026-26284

SECURITY UPDATE: security vulnerability CVE-2026-25897 - debian/patches/CVE-2026-25897.patch: prevent integer overflow during pixel buffer size calculation by using checked multiplication and validating rows addition; issue caused by unvalidated header values allowing overflow and incorrect...

CVSS 9.8, AI score 7.4, EPSS 0.00404
Exploits: 0, References: 1
OSV
added 2026/03/02 11:39 a.m., 4 views

CLSA-2026-1772451545 Fix CVE(s): CVE-2026-25897, CVE-2026-26284

SECURITY UPDATE: out-of-bounds read vulnerability - debian/patches/CVE-2026-26284.patch: Fix incorrect loop initialization in delta decoding; prevent out-of-bounds read caused by starting table scan at invalid index. - CVE-2026-26284 SECURITY UPDATE: out-of-bounds heap write on 32-bit systems -...

CVSS 9.8, AI score 7.4, EPSS 0.00404
Exploits: 0, References: 1
OSV
added 2026/03/02 11:32 a.m., 4 views

CLSA-2026-1772451135 Fix CVE(s): CVE-2026-25897, CVE-2026-26284

SECURITY UPDATE: out-of-bounds read vulnerability - debian/patches/CVE-2026-26284.patch: Fix incorrect loop initialization in delta decoding; prevent out-of-bounds read caused by starting table scan at invalid index. - CVE-2026-26284 SECURITY UPDATE: out-of-bounds heap write on 32-bit systems -...

CVSS 9.8, AI score 7.4, EPSS 0.00404
Exploits: 0, References: 1
Snyk
added 2026/02/24 12:53 a.m., 5 views

Integer Overflow or Wraparound

Overview: Magick.NET-Q16-OpenMP-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

CVSS 8.2, AI score 6.2, EPSS 0.0034
Exploits: 0, References: 2
Snyk
added 2026/02/24 12:53 a.m., 2 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the WriteUHDRImage function when processing UHDR images with excessively large dimensions due to a signed integer overflow during pixel buffer size calculation. An attacker can cause a denial of service...

CVSS 8.2, AI score 5.8, EPSS 0.0034
Exploits: 0, References: 2
Snyk
added 2026/02/24 12:53 a.m., 5 views

Integer Overflow or Wraparound

Overview: Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVSS 8.2, AI score 6.2, EPSS 0.0034
Exploits: 0, References: 2
Debian CVE
added 2026/02/24 12:53 a.m., 6 views

CVE-2026-25794

ImageMagick is free and open-source software used for editing and manipulating digital images. WriteUHDRImage in coders/uhdr.c uses int arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit int, causing an...

CVSS 8.2, AI score 8, EPSS 0.0034
Exploits: 0
RedhatCVE
added 2026/02/22 1:28 a.m., 3 views

CVE-2026-27168

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytesperline value. The value is read directly from the file as the read size in...

CVSS 9.8, AI score 5.9, EPSS 0.00397
Exploits: 1, References: 1
UbuntuCve
added 2026/02/11 12:0 a.m., 2 views

CVE-2026-1837

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale col...

CVSS 8.7, AI score 5.8, EPSS 0.00171
Exploits: 1, References: 2
OSV
added 2026/02/06 8:21 p.m., 4 views

CVE-2026-25634 iccDEV memcpy-param-overlap in CIccTagMultiProcessElement::Apply()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply in IccTagMPE.cpp. This vulnerability is fixed in 2.3.1....

CVSS 7.8, AI score 5.4, EPSS 0.00194
Exploits: 1, References: 7
Tenable Nessus
added 2025/08/08 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-23981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a...

CVSS 8.1, AI score 8.3, EPSS 0.01135
Exploits: 0, References: 2
OSV
added 2024/06/15 12:0 a.m., 3 views

OPENSUSE-SU-2024:10229-1 gdk-pixbuf-loader-rsvg-2.40.16-1.4 on GA media

These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.40.16-1.4 package on the GA media of openSUSE Tumbleweed...

CVSS 6.8, AI score 6.8, EPSS 0.04418
Exploits: 1, References: 2
SUSE CVE
added 2023/02/15 3:45 a.m., 2 views

SUSE CVE-2021-23981

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR 78.9, Firefox 87, and Thunderbird 78.9...

CVSS 7.5, AI score 9.1, EPSS 0.01135
Exploits: 0, References: 18
CNNVD
added 2022/12/05 12:0 a.m., 1 views

Google Pixel Buffer Error Vulnerability

Google Pixel is a smartphone from the American company Google. Google Pixel has a security vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the manufacturer's announcement...

CVSS 5.5, AI score 5.6, EPSS 0.00084
Exploits: 0, References: 3