3170 matches found
Information Exposure
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Information Exposure
Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
GHSA-4G75-9R48-JF92 ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking
An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met...
ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking
An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met...
GHSA-P93H-F2JC-477J ImageMagick: Heap Buffer Over-Write in distributed pixel cache server
An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process...
PT-2026-42813
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The distributed pixel cache was originally designed to operate without a challenge-response authentication model, which is a security mechanism where one party...
FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker...
CVE-2026-7613
CVE-2026-7613 affects the Cost of Goods by PixelYourSite plugin for WordPress. It allows unauthenticated Stored XSS via csvdata[0][cost_of_goods_value] in versions up to 1.2.12 due to insufficient input sanitization and output escaping, enabling arbitrary scripts to run on pages loaded by users. ...
EUVD-2026-31126
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
Astra Linux – Vulnerability in libjpeg-turbo
LibJPEG 9c has a major issue with a large loop, as the readPixel function in rdtarga.c improperly handles EOF situations...
Astra Linux – Vulnerability in imagemagick
In the functions CatromWeights, MeshInterpolate, InterpolatePixelChannel, InterpolatePixelChannels, and InterpolatePixelInfo, which are all part of /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations that were used with the floor function. These calculations resulted ...
Astra Linux – Vulnerability in imagemagick
In the IntensityCompare function in /magick/quantize.c, there are calls to PixelPacketIntensity, which may return overflowing values to the caller when ImageMagick processes a crafted input file. To address this issue, the patch introduces and utilizes the ConstrainPixelIntensity function. This...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update the logic to calculate the D value for RCG. The display pixel clock has a requirement on certain newer platforms to support M/N as 2/3, and the final D value calculated results in underflow errors. As...
FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...
FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the decodemaskimage function. An attacker can cause a heap buffer overflow by providing a crafted HEIF file containing a mask image where the iloc extent exceeds the allocated pixel buffer, leading to...
CVE-2026-32814
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...
UBUNTU-CVE-2026-32814
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...
CVE-2026-32741
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decodemaskimage. When decoding a HEIF file containing a mask image mski, the function copies the full iloc extent data into a pixel buffer using memcpydst,...
CVE-2026-32741 libheif has a heap buffer overflow in decode_mask_image()
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decodemaskimage. When decoding a HEIF file containing a mask image mski, the function copies the full iloc extent data into a pixel buffer using memcpydst,...