Advisory ROSA-SA-2026-3304

Software: mupdf 1.26.10 Operating System: ROSA-CHROME Unaffected versions: = mupdf-1.26.10-2 Affected versions: mupdf-1.26.10-2 CVE-ID: CVE-2026-25556 BDU-ID: None CVE-Crit: HIGH CVE-DESCRIPTION: A vulnerability related to double-freeing memory exists in MuPDF versions from 1.23.0 to 1.27.0. This...

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM X PixMap image file. This can lead to an an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM X PixMap image file. This can lead to an an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

CLSA-2026-1778861508 gimp: Fix of 2 CVEs

CVE-2026-4153: fix heap-based buffer overflow in PSP file parser by computing proper linewidth for bit depths 1 and 4 with small widths - CVE-2026-4154: fix integer overflow and buffer overflow in XPM file parser by adding GIMPMAXIMAGESIZE bounds checks and using gtrynew...

Astra Linux - уязвимость в xorg-server, xwayland

A flaw related to accessing an uninitialized pointer was discovered in X.Org and Xwayland. The compCheckRedirect function may fail if it cannot allocate the backing pixmap. In such cases, compRedirectWindow will return a BadAlloc error without validating the window tree just before processing; as...

Astra Linux - уязвимость в libxpm

A vulnerability was discovered in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system...

[SECURITY] Fedora 43 Update: SDL2_image-2.8.12-1.fc43

Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats BMP, PPM, PCX, GIF, JPEG, PNG as SDL surfaces...

[SECURITY] Fedora 44 Update: SDL2_image-2.8.12-1.fc44

Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats BMP, PPM, PCX, GIF, JPEG, PNG as SDL surfaces...

CVE-2026-42144

A flaw was found in the CImg library. An integer overflow vulnerability in the WHD size computation inside loadpnm can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the overflow to wrap around, allocating an undersized buffer and potentially...

CVE-2026-42144

CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the WHD size computation inside loadpnm that can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the overflow to wrap around...

JLSEC-2026-284

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library...

CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the XWD decoder when there is a type confusion between bitsperpixel and pixmapdepth during the byte-swap process. An attacker can achieve arbitrary code execution or cause a denial of service by providing a crafte...

DEBIAN-CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

EUVD-2026-23644

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVE-2026-40492 SAIL has heap buffer overflow in XWD decoder — bits_per_pixel vs pixmap_depth type confusion in byte-swap

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVE-2026-40492 SAIL has heap buffer overflow in XWD decoder — bits_per_pixel vs pixmap_depth type confusion in byte-swap

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...