Lucene search
K

26 matches found

OSV
OSV
added 3 days ago5 views

DEBIAN-CVE-2026-61858

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

5.3CVSS6.1AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-61858 ImageMagick before 7.1.2-26 Policy Bypass via APNG encoder

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

4.8CVSS0.00133EPSS
Exploits0References2
CVE
CVE
added 3 days ago12 views

CVE-2026-61858

CVE-2026-61858 concerns ImageMagick prior to 7.1.2-26, where a policy bypass vulnerability exists in the APNG encoder and external delegates due to missing validation checks. Attackers can bypass policy restrictions during APNG encoding and write files to disallowed paths. The provided documents ...

5.3CVSS6.1AI score0.00133EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/26 7:31 p.m.16 views

JLSEC-2026-535

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application...

7.8CVSS7.3AI score0.02008EPSS
Exploits1References12
OSV
OSV
added 2026/05/19 6:16 p.m.10 views

DEBIAN-CVE-2026-33633

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...

8.8CVSS5.9AI score0.00367EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.12 views

Amazon Linux 2 : libpng, --advisory ALAS2-2026-3244 (ALAS-2026-3244)

The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3244 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image...

7.5CVSS6.4AI score0.01052EPSS
Exploits1References4
Redos
Redos
added 2026/04/01 12:0 a.m.7 views

ROS-20260401-73-0005

Vulnerability in libpng15 related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

7.8CVSS6AI score0.00114EPSS
Exploits0
OSV
OSV
added 2026/03/25 11:16 a.m.5 views

CLSA-2026-1774437406 Fix CVE(s): CVE-2026-30883

SECURITY UPDATE: heap over-write in PNG raw profile writer - debian/patches/CVE-2026-30883.patch: add overflow check for allocatedlength in Magickpngwriterawprofile to prevent integer overflow leading to heap over-write - CVE-2026-30883...

7.8CVSS7.3AI score0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 5:24 p.m.8 views

CLSA-2026-1774027481 Fix CVE(s): CVE-2026-30883

SECURITY UPDATE: heap overflow in PNG encoder from large profile - debian/patches/CVE-2026-30883.patch: add overflow check in Magickpngwriterawprofile to reject profiles with length that would overflow allocatedlength arithmetic - CVE-2026-30883...

7.8CVSS7.3AI score0.00123EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/17 9:57 a.m.6 views

Important: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...

8.3CVSS6.1AI score0.00955EPSS
Exploits2References4
Snyk
Snyk
added 2026/03/10 9:5 p.m.6 views

Out-of-bounds Write

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.6CVSS6AI score0.00123EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-65018)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-65018 advisory. - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG...

7.1CVSS5.8AI score0.00229EPSS
Exploits4References1
Debian CVE
Debian CVE
added 2025/12/03 8:33 p.m.9 views

CVE-2025-66293

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing...

7.1CVSS6AI score0.00299EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2025/10/20 11:40 p.m.5 views

SUSE CVE-2025-11680

Out-of-bounds Write in unfilterscanline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

5.9CVSS7.3AI score0.00356EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/26 3:37 p.m.3 views

CVE-2025-57810 jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG...

8.7CVSS6.5AI score0.00658EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.4 views

HiColor 安全漏洞

HiColor is a program by the individual developer D. Bohdan. It is used to convert images to 15-bit and 16-bit RGB colors. A security vulnerability exists in HiColor version 0.5.0, which stems from a heap buffer overflow vulnerability in the pngquantize function, allowing an attacker to cause a...

6.2CVSS6.9AI score0.00761EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/12/06 12:0 a.m.3 views

AMI AptioV Code Issue Vulnerability

AMI AptioV is a firmware from AMI. A security vulnerability exists in AMI AptioV that stems from a vulnerability contained in the BIOS, where a user may be able to locally upload a dangerous type of PNG Logo file, which could be exploited by an attacker to cause a loss of system confidentiality,...

7.8CVSS7.4AI score0.00623EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.5 views

SUSE CVE-2009-1932

Multiple integer overflows in the 1 userinfocallback, 2 userendrowcallback, and 3 gstpngdectask functions ext/libpng/gstpngdec.c in GStreamer Good Plug-ins aka gst-plugins-good or gstreamer-plugins-good 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary cod...

6.8CVSS8.1AI score0.05466EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.6 views

PT-2023-1301

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.1.0-49 Description The issue is related to errors in processing input data, which can allow a remote attacker to access protected information using the profile parameter. When ImageMagick parses a PNG image, the resulting...

8.8CVSS6.8AI score0.89855EPSS
Exploits66References359
OSV
OSV
added 2022/08/24 4:15 p.m.3 views

DEBIAN-CVE-2021-4214

A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service...

5.5CVSS6.5AI score0.00505EPSS
Exploits1References1
Rows per page
Query Builder