Lucene search
K

1171 matches found

Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: gimp

Issue Overview: GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8CVSS7.9AI score0.00755EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.7 views

Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-014 (ALASGIMP-2026-014)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2GIMP-2026-014 advisory. GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to...

7.8CVSS7.7AI score0.00755EPSS
Exploits0References8
OSV
OSV
added 2026/04/29 9:46 a.m.7 views

CLSA-2026-1777455968 exiv2: Fix of CVE-2026-27631

CVE-2026-27631: fix integer overflow in preview component of PSD image parser...

6.9CVSS5.9AI score0.00255EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.7 views

Debian dla-4547 : gimp - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4547 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4547-1 [email protected]...

7.8CVSS7.5AI score0.00755EPSS
Exploits0References8
OSV
OSV
added 2026/04/22 8:55 a.m.11 views

CLSA-2026-1776848113 gimp: Fix of 2 CVEs

CVE-2026-2239: fix heap-buffer-overflow in freadpascalstring when processing PSD files and a follow-up NULL pointer dereference in loadresource1006 alpha names handling - CVE-2026-2272: fix integer overflow in ICO file loading...

6.5CVSS5.8AI score0.00838EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.6 views

CVE-2026-40493

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...

9.8CVSS6AI score0.00367EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/18 3:22 a.m.4 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the PSD decoding process due to a mismatch between the computed bytes-per-pixel from the image header and the allocated pixel buffer size in LAB 16-bit mode. An attacker can achieve arbitrary code execution or cau...

9.8CVSS6.7AI score0.00367EPSS
Exploits0References2
NVD
NVD
added 2026/04/18 3:16 a.m.11 views

CVE-2026-40493

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...

9.8CVSS0.00367EPSS
Exploits0References2
OSV
OSV
added 2026/04/18 3:16 a.m.6 views

DEBIAN-CVE-2026-40493

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...

9.8CVSS5.6AI score0.00367EPSS
Exploits0References1
CVE
CVE
added 2026/04/18 1:41 a.m.23 views

CVE-2026-40493

SAIL PSD decoder in LAB mode (3 channels, 16-bit depth) suffers a heap buffer overflow due to a bpp mismatch: bytes-per-pixel is computed as (channelsdepth) but the allocated buffer uses the resolved pixel format (BPP40_CIE_LAB yields 5 bytes/pixel while 3 16 would imply 6). This causes every pix...

9.8CVSS6.1AI score0.00367EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/18 1:41 a.m.5 views

CVE-2026-40493 SAIL has heap buffer overflow in PSD decoder — bpp mismatch in LAB 16-bit mode

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...

9.8CVSS6.1AI score0.00367EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/18 1:41 a.m.5 views

EUVD-2026-23646

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...

9.8CVSS6.1AI score0.00367EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/18 1:41 a.m.37 views

CVE-2026-40493 SAIL has heap buffer overflow in PSD decoder — bpp mismatch in LAB 16-bit mode

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...

9.8CVSS0.00367EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40493

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit...

9.8CVSS5.7AI score0.00367EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.9 views

PT-2026-33586

Name of the Vulnerable Software and Affected Versions SAIL versions prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979 Description The PSD codec in this cross-platform image library for loading and saving images contains a heap buffer overflow when processing images in LAB mode. The issue...

9.8CVSS6AI score0.00367EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.10 views

SAIL 安全漏洞

SAIL is an open-source image decoding library developed by SAIL. SAIL has a security vulnerability, which stems from inconsistencies in byte-per-pixel calculations and pixel buffer allocations within the PSD encoder. This can lead to heap buffer overflows...

9.8CVSS5.9AI score0.00367EPSS
Exploits0References2
Debian
Debian
added 2026/04/17 9:18 p.m.4 views

[SECURITY] [DSA 6215-1] gimp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6215-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 17, 2026 https://www.debian.org/security/faq -...

7.8CVSS7.5AI score0.00755EPSS
Exploits0
OSV
OSV
added 2026/04/17 1:2 p.m.8 views

OESA-2026-1958 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

7.8CVSS6.2AI score0.00755EPSS
Exploits0References5
OSV
OSV
added 2026/04/17 1:2 p.m.8 views

OESA-2026-1957 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

7.8CVSS6.2AI score0.00755EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 7:34 a.m.14 views

Security Bulletin: IBM Edge Data Collector uses pillow-10.3.0-cp39-cp39-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-25990.

Summary IBM Edge Data Collector uses pillow-10.3.0-cp39-cp39-manylinux228x8664.whl which is vulnerable to CVE-2026-25990. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25990 DESCRIPTION: Pillow is a Python imaging library. From 10.3.0 to...

8.6CVSS5.8AI score0.00367EPSS
Exploits1Affected Software1
Rows per page
Query Builder