491 matches found
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issue CVE-2026-42050: stack buffer overflow in XTileImage bsc1265048. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...
Important: libheif
Issue Overview: libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap...
JLSEC-2026-572
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...
CLSA-2026-1780061802 Fix CVE(s): CVE-2026-42050
SECURITY UPDATE: fix stack-based buffer overflow in XTileImage triggered by a malicious MIFF file when right-clicking a tile to invoke the Load / Update menu item - debian/patches/CVE-2026-42050.patch: fix stack-based buffer overflow in XTileImage triggered by a malicious MIFF file when...
SUSE CVE-2023-29452
Currently, geomap configuration Administration - General - Geographical maps allows using HTML in the field “Attribution text” when selected “Other” Tile provider...
Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3305 (ALAS-2026-3305)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3305 advisory. Stack buffer overflow in XTileImage CVE-2026-42050 Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2026-32740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap- buffer-overflow write vulnerability in the grid tile...
Unity Linux 20.1060e / 20.1070e Security Update: openjpeg (UTSA-2026-016638)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016638 advisory. Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service application crash or...
SUSE CVE-2026-32740
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...
Astra Linux – Vulnerability in openimageio
There is a heap-based buffer overflow vulnerability in the tile decoding code of the TIFF image parser in OpenImageIO’s master-branch-9aeece7a and v2.3.19.0. A specially crafted TIFF file can lead to out-of-bounds memory corruption, which may result in arbitrary code execution. An attacker can...
Astra Linux – Vulnerability in Zabbix
Currently, the geomap configuration Administration - General - Geographical maps allows the use of HTML in the “Attribution text” field when the “Other” Tile provider is selected...
Astra Linux – Vulnerability in gst-plugins-bad1.0
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.12 contains multiple buffer overflows due to vulnerabilities in the numtilecolumns and numtilerow parameters of the picparameterset::dump function...
Astra Linux – Vulnerability in openexr
A flaw was discovered in the function dataWindowForTile of the IlmImf/ImfTiledMisc.cpp file. An attacker who can submit a crafted file for processing with OpenEXR could trigger an integer overflow, resulting in an out-of-bounds write operation on the heap. The most significant impact of this flaw...
Astra Linux – Vulnerability in openexr
There is a flaw in OpenEXR’s deep tile sample size calculations in versions before 3.0.0-beta. An attacker who can submit a crafted file for processing by OpenEXR could trigger an integer overflow, resulting in an out-of-bounds read. The greatest risk of this flaw is to the application’s...
CVE-2026-32740
A flaw was found in libheif, a library for decoding and encoding HEIF and AVIF image files. This heap-buffer-overflow vulnerability allows a remote attacker to write arbitrary data beyond the intended memory boundary. By crafting a malicious HEIF/AVIF file with a specific grid tile configuration,...
CVE-2026-32814
A flaw was found in libheif, a HEIF and AVIF file format decoder and encoder. When processing a specially crafted HEIF or AVIF image containing a corrupted grid tile, the library fails to properly initialize memory. This can lead to an information disclosure, where uninitialized heap memory,...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the image decoding process when handling grid tile chroma compositing. An attacker can execute arbitrary code or cause a denial of service by crafting a specially designed HEIF/AVIF file with a 1×4 grid of...
Use of Uninitialized Resource
Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the decoding process of grid-based HEIF or AVIF images when a corrupted tile fails to decode and the library returns a success status, resulting in uninitialized heap memory being exposed as pixel data. ...
CVE-2026-32740
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...