Lucene search
+L

1189 matches found

UbuntuCve
UbuntuCve
added 2026/03/26 9:17 p.m.9 views

CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

6.5CVSS7.1AI score0.00485EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/03/26 8:0 p.m.7 views

CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

6.5CVSS7.4AI score0.00485EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/26 8:0 p.m.44 views

CVE-2026-2239 Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

2.8CVSS0.00485EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/03/26 8:0 p.m.3 views

CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

6.5CVSS6AI score0.00485EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/16 3:30 p.m.3 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the PSD file preview. An attacker can exhaust server memory resources by uploading a specially crafted PSD file, potentially leading to a denial of service. Remediation Upgrade...

5.3CVSS5.8AI score0.00221EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.10 views

Mattermost fails to bound memory allocation when processing PSD image files

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/03/16 1:37 p.m.11 views

CLSA-2026-1773668222 Fix CVE(s): CVE-2026-24481

SECURITY UPDATE: heap information disclosure in PSD handler - debian/patches/CVE-2026-24481.patch: zero-initialize pixel buffer in ReadPSDChannelZip to prevent heap info leak when ZIP-compressed layer data decompresses to fewer bytes than expected - CVE-2026-24481...

7.5CVSS7.2AI score0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/03/16 11:33 a.m.4 views

CVE-2026-26246 Memory Exhaustion via Malformed PSD File Upload

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...

4.3CVSS6AI score0.00221EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:33 a.m.10 views

CVE-2026-26246

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 11:33 a.m.3 views

CVE-2026-26246 Memory Exhaustion via Malformed PSD File Upload

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/11 12:0 a.m.11 views

openSUSE 16 Security Update : ImageMagick (openSUSE-SU-2026:20337-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20337-1 advisory. - CVE-2026-22770: improper pointer initialization can cause denial of service bsc1256969. - CVE-2026-23874: manipulation of digital images can...

9.8CVSS6.1AI score0.00671EPSS
Exploits3References114
Tenable Nessus
Tenable Nessus
added 2026/03/11 12:0 a.m.11 views

SUSE SLES15: ImageMagick / ImageMagick-config-7-SUSE / etc (SUSE-SU-2026:0852-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0852-1 advisory. - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial ...

9.8CVSS7AI score0.00671EPSS
Exploits0References94
OSV
OSV
added 2026/03/09 3:32 p.m.3 views

SUSE-SU-2026:0852-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service via...

9.8CVSS6AI score0.00671EPSS
Exploits0References63
OpenVAS
OpenVAS
added 2026/03/09 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2026-aecd3809f1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.1AI score0.00485EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.6 views

Fedora 42 : gimp (2026-aecd3809f1)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-aecd3809f1 advisory. This is a security update fixing the loader for PSD files. Tenable has extracted the preceding description block directly from the Fedora security advisory...

6.5CVSS7.2AI score0.00485EPSS
Exploits1References2
Amazon
Amazon
added 2026/03/06 12:0 a.m.6 views

Medium: gimp

Issue Overview: GIMP: PSD loader: heap-buffer-overflow in freadpascalstring no null terminator CVE-2026-2239 An integer overflow vulnerability has been identified in the PSP Paint Shop Pro file parser of GIMP. The issue occurs in the readcreatorblock function, where the Creator metadata block is...

6.5CVSS6.1AI score0.00838EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.9 views

Amazon Linux 2 : python-pillow, --advisory ALAS2-2026-3180 (ALAS-2026-3180)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3180 advisory. Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when...

8.6CVSS6.1AI score0.00367EPSS
Exploits1References4
Amazon
Amazon
added 2026/03/06 12:0 a.m.8 views

Important: python-pillow

Issue Overview: Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. CVE-2026-25990 Affected Packages: python-pillow Note: This advisory is applicable to Amazon...

9.3CVSS5.8AI score0.00367EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.137 views

📄 psd-tools Denial of Service

When a specially crafted PSD file contains malformed RLE-compressed image data for example, a literal run extending beyond the expected row size, the internal decoderle function raises a ValueError in psd-tools, resulting in a denial of service condition...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.8 views

PT-2026-26457

Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description A flaw exists in the parsing of PSD files due to insufficient validation of user-supplied data, leading to an integer overflow before buffer allocation. This can allow a remote attacker to execu...

7.8CVSS7.6AI score0.00755EPSS
Exploits0References56
Rows per page
Query Builder