USN-7728-1 imagemagick vulnerabilities

It was discovered that ImageMagick did not properly process certain format strings when interpreting image filenames. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. CVE-2025-53014 It was discovered that ImageMagick did not properly proce...

SUSE CVE-2025-55298

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper...

CVE-2025-55298

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper...

CVE-2025-55298

ImageMagick vulnerability CVE-2025-55298 is caused by a format string bug in InterpretImageFilename where un-sanitized user input is passed to FormatLocaleString, enabling potential heap overflow or remote code execution due to memory overwrite. Affected releases before patches include ImageMagic...

CVE-2025-55298 ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper...

CVE-2025-55298 ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper...

CVE-2025-55298

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper...

ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution

Summary A format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code...

DEBIAN-CVE-2024-53126

In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug with devres In psnetopenpfbar and snetopenvfbar a string later passed to pcimiomapregions is placed on the stack. Neither pcimiomapregions nor the functions it calls copy that string. Should the string...

AZL-54129 CVE-2024-53126 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug with devres In psnetopenpfbar and snetopenvfbar a string later passed to pcimiomapregions is placed on the stack. Neither pcimiomapregions nor the functions it calls copy that string. Should the string...

CVE-2024-6443

In utf8trunc in zephyr/lib/utils/utf8.c, lastbytep can point to one byte before the string pointer if the string is empty...

Samsung Mobile Devices Improper Input Validation Vulnerability

Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic...

Fortinet Fortigate Format String Bug in Fclicense daemon (FG-IR-23-119)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-119 advisory. - A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through...

SUSE CVE-2008-7160

The silchttpserverparse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing SILC Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header,...

SUSE CVE-2016-4303

The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...

Format string bug in the Redis cache implementation

...

CVE-2021-25489

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...

CVE-2021-25489

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...

Format string

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...

CVE-2021-25489

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...