TencentOS Server 4: gdk-pixbuf2 (TSSA-2026:0321)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0321 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the gdkpixbufjpegimageload function of the JPEG image loader. An attacker can cause application crashes and disrupt service availability by submitting a specially crafted JPEG image that triggers improper...

CVE-2026-21433

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

Linux Distros Unpatched Vulnerability : CVE-2024-53863

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamicthumbnails option or processing a specially crafted request...

SUSE CVE-2017-2908

An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. A...

WordPress < 4.9 Multiple Vulnerabilities

WordPress is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

WordPress < 4.9.9 Remote Code Execution Vulnerabilities

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.9.9. It is, therefore, affected by remote command execution vulnerabilities in its thumbnail processing component due to insufficient validation of user input. An authenticated,...

CVE-2018-1000773

WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require...

UBUNTU-CVE-2018-1000773

WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require...

Input validation

WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require...

CVE-2018-1000773

WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require...

CVE-2018-1000773

Removed by vendor...

CVE-2017-1000600

WordPress version 4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has...

CVE-2017-1000600

WordPress version 4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has...

CVE-2017-1000600

WordPress version 4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has...

CVE-2017-1000600

WordPress version 4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has...