
67 matches found

EUVD
added 2026/05/29 1:3 p.m., 12 views

EUVD-2026-33305

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

CVSS 6.9 | AI score 6 | EPSS 0.0039
Exploits: 1 | References: 1

ATTACKERKB
added 2026/05/29 1:3 p.m., 8 views

CVE-2026-46337

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

CVSS 6.9 | AI score 6 | EPSS 0.0039
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/05/28 8:16 p.m., 6 views

UBUNTU-CVE-2026-49128

Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

CVSS 8.7 | AI score 5.9 | EPSS 0.00501
Exploits: 0 | References: 9

Vulnrichment
added 2026/05/28 7:2 p.m., 7 views

CVE-2026-49128 Music Player Daemon < 0.24.11 Path Traversal via LocalStorage URI Handling

Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

CVSS 8.7 | AI score 5.9 | EPSS 0.00501
Exploits: 0 | References: 7

RedhatCVE
added 2026/04/08 9:14 a.m., 2 views

CVE-2026-34781

A flaw was found in Electron. An application that calls clipboard.readImage may be vulnerable to a denial of service (DoS). If the system clipboard contains image data that fails to decode, the application can crash. This vulnerability does not lead to memory corruption or code execution. Mitigatio...

CVSS 5 | AI score 5.9 | EPSS 0.00144
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/08 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34781

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, app...

CVSS 3.3 | AI score 5.9 | EPSS 0.00144
Exploits: 0 | References: 2

Cvelist
added 2026/04/07 9:20 p.m., 13 views

CVE-2026-34781 Electron crashes in clipboard.readImage() on malformed clipboard image data

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decod...

CVSS 2.8 | EPSS 0.00144
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/07 9:20 p.m., 3 views

CVE-2026-34781

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decod...

AI score 6 | EPSS 0.00144
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/04/07 9:20 p.m., 13 views

CVE-2026-34781

CVE-2026-34781 affects Electron before versions 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5. Affected code path involves clipboard.readImage() when the system clipboard contains image data that cannot be decoded. In such cases a null bitmap is passed to image construction, leading to a controlled ...

CVSS 3.3 | AI score 6 | EPSS 0.00144
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/04/07 9:20 p.m., 2 views

CVE-2026-34781 Electron crashes in clipboard.readImage() on malformed clipboard image data

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decod...

CVSS 2.8 | AI score 6 | EPSS 0.00144
Exploits: 0 | References: 1

OSV
added 2026/04/07 3:52 p.m., 1 views

GHSA-F37V-82C4-4X64 Electron: Crash in clipboard.readImage() on malformed clipboard image data

Impact: Apps that call clipboard.readImage may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process. Apps are only affected...

CVSS 2.8 | AI score 5.9 | EPSS 0.00144
Exploits: 0 | References: 9

Snyk
added 2026/04/07 3:52 p.m., 0 views

NULL Pointer Dereference

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to NULL Pointer Dereference in the clipboard.readImage function when processing malformed clipboard image data...

CVSS 5 | AI score 5.9 | EPSS 0.00144
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/07 12:0 a.m., 6 views

PT-2026-30919

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 39.8.5, prior to 40.8.5, prior to 41.1.0, and prior to 42.0.0-alpha.5. Description: Applications utilizing the clipboard.readImage function may experience a denial of service. If the system clipboard contains image dat...

CVSS 2.8 | AI score 6 | EPSS 0.00144
Exploits: 0 | References: 12

Snyk
added 2026/03/09 9:42 p.m., 6 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write or read, in ReadDIBImage and WriteDIBImage in the DIB coder, due to an integer overflow. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub Commit; Red Hat Bugzilla Bug...

CVSS 9.2 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 2

OSV
added 2026/02/25 7:13 p.m., 3 views

GHSA-3Q5F-GMJC-38R8 ImageMagick: Memory leak in coders/txt.c without freetype

If a texture attribute is specified for a TXT file, an attempt will be made to read it via texture=ReadImage(read_info,exception);. Later, when retrieving metrics via the GetTypeMetrics function, if this function fails (i.e., status == MagickFalse), the calling function will exit immediately but fail ...

AI score 5.5
Exploits: 0 | References: 4

Snyk
added 2026/02/25 3:20 p.m., 3 views

Integer Overflow or Wraparound

Overview: Magick.NET-Q8-AnyCPU: Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 6.3 | AI score 6
Exploits: 0 | References: 3

OSV
added 2026/02/24 12:54 a.m., 3 views

CVE-2026-25795 ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in ReadSFWImage (coders/sfw.c), when temporary file creation fails, read_info is destroyed before its filename member is accessed, causing a NULL pointer dereferen...

CVSS 5.3 | AI score 5.5 | EPSS 0.00376
Exploits: 0 | References: 3

NVD
added 2025/12/10 4:16 p.m., 3 views

CVE-2025-65803

An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file...

CVSS 6.5 | EPSS 0.00246
Exploits: 1 | References: 2

AlpineLinux
added 2025/12/10 12:0 a.m., 1 views

CVE-2025-65803

An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file...

CVSS 6.5 | AI score 7.1 | EPSS 0.00246
Exploits: 1 | References: 2

RedhatCVE
added 2025/12/09 8:26 p.m., 4 views

CVE-2025-29843

A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...

CVSS 5.4 | AI score 6.8 | EPSS 0.00346
Exploits: 0 | References: 1