1189 matches found
CVE-2026-2239
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...
CVE-2026-2239
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...
CVE-2026-2239 Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...
CVE-2026-2239
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the PSD file preview. An attacker can exhaust server memory resources by uploading a specially crafted PSD file, potentially leading to a denial of service. Remediation Upgrade...
Mattermost fails to bound memory allocation when processing PSD image files
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...
CLSA-2026-1773668222 Fix CVE(s): CVE-2026-24481
SECURITY UPDATE: heap information disclosure in PSD handler - debian/patches/CVE-2026-24481.patch: zero-initialize pixel buffer in ReadPSDChannelZip to prevent heap info leak when ZIP-compressed layer data decompresses to fewer bytes than expected - CVE-2026-24481...
CVE-2026-26246 Memory Exhaustion via Malformed PSD File Upload
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...
CVE-2026-26246
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...
CVE-2026-26246 Memory Exhaustion via Malformed PSD File Upload
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...
openSUSE 16 Security Update : ImageMagick (openSUSE-SU-2026:20337-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20337-1 advisory. - CVE-2026-22770: improper pointer initialization can cause denial of service bsc1256969. - CVE-2026-23874: manipulation of digital images can...
SUSE SLES15: ImageMagick / ImageMagick-config-7-SUSE / etc (SUSE-SU-2026:0852-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0852-1 advisory. - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial ...
SUSE-SU-2026:0852-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service via...
Fedora: Security Advisory (FEDORA-2026-aecd3809f1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 42 : gimp (2026-aecd3809f1)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-aecd3809f1 advisory. This is a security update fixing the loader for PSD files. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Medium: gimp
Issue Overview: GIMP: PSD loader: heap-buffer-overflow in freadpascalstring no null terminator CVE-2026-2239 An integer overflow vulnerability has been identified in the PSP Paint Shop Pro file parser of GIMP. The issue occurs in the readcreatorblock function, where the Creator metadata block is...
Amazon Linux 2 : python-pillow, --advisory ALAS2-2026-3180 (ALAS-2026-3180)
The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3180 advisory. Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when...
Important: python-pillow
Issue Overview: Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. CVE-2026-25990 Affected Packages: python-pillow Note: This advisory is applicable to Amazon...
📄 psd-tools Denial of Service
When a specially crafted PSD file contains malformed RLE-compressed image data for example, a literal run extending beyond the expected row size, the internal decoderle function raises a ValueError in psd-tools, resulting in a denial of service condition...
PT-2026-26457
Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description A flaw exists in the parsing of PSD files due to insufficient validation of user-supplied data, leading to an integer overflow before buffer allocation. This can allow a remote attacker to execu...