
9420 matches found

Vulnrichment
added 2026/02/24 2:32 p.m., 4 views

CVE-2026-3102 exiftool PNG File MacOS.pm SetMacOSTags os command injection

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...

CVSS 7.5 | AI score 6.3 | EPSS 0.00073
Exploits: 2 | References: 7

RedhatCVE
added 2026/02/24 1:44 a.m., 4 views

CVE-2025-70327

TOTOLINK X5000R v9.1.0cu2415B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen...

CVSS 9.8 | AI score 5.7 | EPSS 0.02642
Exploits: 1 | References: 1

CNNVD
added 2026/02/24 12:0 a.m., 4 views

exiftool OS command injection vulnerability

Exiftool is an open-source application developed by ExifTool. It makes metadata more accessible. Versions of Exiftool 13.49 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from the SetMacOSTags function in the PNG file parser component,...

CVSS 8.8 | AI score 6.8 | EPSS 0.00073
Exploits: 2 | References: 7

Positive Technologies
added 2026/02/24 12:0 a.m., 7 views

PT-2026-21764

Name of the Vulnerable Software and Affected Versions exiftool versions prior to 13.50 Description An OS command injection issue exists in the PNG File Parser component of exiftool on macOS. The flaw is located in the SetMacOSTags function within the lib/Image/ExifTool/MacOS.pm file. A remote...

CVSS 8.8 | AI score 7.4 | EPSS 0.00073
Exploits: 2 | References: 39

OSV
added 2026/02/23 3:59 p.m., 2 views

SUSE-SU-2026:0599-1 Security update for libpng12

This update for libpng12 fixes the following issues: - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize bsc1258020...

CVSS 8.3 | AI score 6 | EPSS 0.00081
Exploits: 1 | References: 3

SUSE Linux
added 2026/02/23 3:58 p.m., 7 views

Security update for libpng12

This update for libpng12 fixes the following issues: CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize bsc1258020. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively...

CVSS 8.3 | AI score 5.7 | EPSS 0.00081
Exploits: 1 | References: 4

OSV
added 2026/02/23 3:58 p.m., 2 views

SUSE-SU-2026:0598-1 Security update for libpng12

This update for libpng12 fixes the following issues: - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize bsc1258020...

CVSS 8.3 | AI score 5.8 | EPSS 0.00081
Exploits: 1 | References: 3

SUSE Linux
added 2026/02/23 3:58 p.m., 5 views

Security update for libpng16

This update for libpng16 fixes the following issues: CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize bsc1258020. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively...

CVSS 8.3 | AI score 5.7 | EPSS 0.00081
Exploits: 1 | References: 4

OSV
added 2026/02/23 3:57 p.m., 6 views

SUSE-SU-2026:0596-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running pngimage bsc1257364. - CVE-2025-28164: memory leaks when running pngimage bsc1257365. - CVE-2026-22695: heap buffer over-read in png_image_finish_read bsc1256525. - CVE-2026-22801: integer truncation...

CVSS 8.3 | AI score 5.8 | EPSS 0.00081
Exploits: 7 | References: 11

OSV
added 2026/02/23 9:51 a.m., 3 views

CLSA-2026-1771840259 libpng: Fix of CVE-2026-25646

CVE-2026-25646: fix out-of-bounds read and potential heap buffer overflow in png_set_quantize caused by stale palette indices during color pruning...

CVSS 8.3 | AI score 6.2 | EPSS 0.00081
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/23 7:26 a.m., 6 views

CVE-2026-2911

A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...

CVSS 9 | AI score 5.8 | EPSS 0.00108
Exploits: 1 | References: 1

RedHat Linux
added 2026/02/23 1:47 a.m., 0 views

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap-based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

CVSS 8.3 | AI score 5.9 | EPSS 0.00081
Exploits: 1 | References: 7

RedHat Linux
added 2026/02/23 1:47 a.m., 6 views

Important: Red Hat Security Advisory: libpng15 security update

An update for libpng15 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 8.3 | AI score 6.3 | EPSS 0.00081
Exploits: 1 | References: 2

RedhatCVE
added 2026/02/23 1:20 a.m., 6 views

CVE-2026-2886

A weakness has been identified in Tenda A21 1.0.0.0. This affects the function setdevicename of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to t...

CVSS 9 | AI score 8.7 | EPSS 0.00112
Exploits: 1 | References: 1

AlmaLinux
added 2026/02/23 12:0 a.m., 6 views

Important: libpng15 security update

The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. Security Fixes: libpng: LIBPNG has a heap buffer overflow i...

CVSS 8.3 | AI score 5.9 | EPSS 0.00081
Exploits: 1 | References: 4

Oracle linux
added 2026/02/23 12:0 a.m., 8 views

libpng15 security update

1.5.30-14.1 - fix CVE-2026-25646: heap buffer overflow in png_set_quantize RHEL-148404...

CVSS 8.3 | AI score 5.7 | EPSS 0.00081
Exploits: 1

OSV
added 2026/02/23 12:0 a.m., 4 views

ALSA-2026:3031 Important: libpng15 security update

The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. Security Fixes: libpng: LIBPNG has a heap buffer overflow i...

CVSS 8.3 | AI score 6.1 | EPSS 0.00081
Exploits: 1 | References: 4

RedhatCVE
added 2026/02/22 7:11 p.m., 6 views

CVE-2026-2872

A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function setdevicename of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The...

CVSS 9 | AI score 8.5 | EPSS 0.00112
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/22 7:11 p.m., 4 views

CVE-2026-2873

A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is possible to initiate the attack remotely. The...

CVSS 9 | AI score 8.8 | EPSS 0.00112
Exploits: 1 | References: 1

OSV
added 2026/02/22 2:16 a.m., 1 views

CVE-2026-2905

A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploi...

CVSS 8.8 | AI score 6.5 | EPSS 0.00112
Exploits: 1 | References: 5