595 matches found
CVE-2026-54394
MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...
CVE-2026-3102
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...
CVE-2026-3102 exiftool PNG File MacOS.pm SetMacOSTags os command injection
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...
EUVD-2026-8471
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...
PT-2026-21764
Name of the Vulnerable Software and Affected Versions exiftool versions prior to 13.50 Description An OS command injection issue exists in the PNG File Parser component of exiftool on macOS. The flaw is located in the SetMacOSTags function within the lib/Image/ExifTool/MacOS.pm file. A remote...
The vulnerability of the png_set_quantize() function in the library for working with PNG bitmap graphics in libpng allows a hacker to execute arbitrary code.
The vulnerability of the pngsetquantize function in the library for working with PNG bitmap graphics in libpng is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code using a specially crafted PNG file...
CVE-2024-41439
A heap buffer overflow in the function cpblock /vendor/cutepng.h of hicolor v0.5.0 allows attackers to cause a Denial of Service DoS via a crafted PNG file...
CVE-2024-41440
A heap buffer overflow in the function pngquantize of hicolor v0.5.0 allows attackers to cause a Denial of Service DoS via a crafted PNG file...
CVE-2025-41720
A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...
CLSA-2025-1759856673 Fix CVE(s): CVE-2025-55154
SECURITY UPDATE: memory corruption vulnerability from unsafe magnified size calculations in ReadOneMNGIMage - debian/patches/CVE-2025-55154.patch: Fix type mismatch issue in png.c causing incorrect image dimensions calculation - CVE-2025-55154...
EUVD-2014-9475
Malware in sbrugna...
EUVD-2020-27229
Malware in sbrugna...
EUVD-2021-27351
Malware in sbrugna...
EUVD-2013-3403
Malware in sbrugna...
EUVD-2021-26181
Malware in sbrugna...
EUVD-2012-3404
Malware in sbrugna...
EUVD-2021-2566
Malware in sbrugna...
EUVD-2017-4657
Malware in sbrugna...
EUVD-2010-1543
Malware in sbrugna...
EUVD-2017-16266
Malware in sbrugna...