Lucene search
K

488 matches found

OSV
OSV
added 2026/04/09 12:10 a.m.11 views

OSV-2026-548 UNKNOWN in ojph::local::precinct::parse

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=500177411 Crash type: UNKNOWN Crash state: ojph::local::precinct::parse ojph::local::resolution::parseoneprecinct ojph::local::tile::parsetileheader...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/04/06 11:6 p.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the dolayersurface process when pixel index values from decoded XCF tile data are used directly as colormap indices without validation against the colormap size. An attacker can cause heap out-of-bounds reads and...

7.1CVSS7AI score0.00262EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/06 9:44 p.m.4 views

CVE-2026-35444

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

7.1CVSS5.4AI score0.00262EPSS
Exploits0
OSV
OSV
added 2026/04/06 5:51 p.m.2 views

GHSA-3H9H-QFVW-98HQ OpenEXR Makes Use of Uninitialized Memory

Summary While fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on uninitialized data inside genericunpack. This indicates a use of uninitialized memory CWE-457. The issue is reproducible with the current OSS-Fuzz harness and a single-file PoC. Details Environment: -...

7.5CVSS7.2AI score0.00373EPSS
Exploits1References8
OSV
OSV
added 2026/04/03 10:14 a.m.6 views

CLSA-2026-1775211239 openexr: Fix of 4 CVEs

CVE-2025-12495 CVE-2025-12839 CVE-2025-12840: fix heap buffer overflows in the C core decoding pipeline missing nread validation in exrreadchunk, missing packed/unpacked size check for uncompressed tiles, missing storagemode guard in chunk offset computation - CVE-2025-64181: fix use of...

7.8CVSS5.9AI score0.00373EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/30 9:42 p.m.4 views

EUVD-2026-17227

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressivedecompresstileupgrade detects a mismatch via progressiverfxquantcmpequal but only emits WLogWARN, execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...

6.5CVSS6AI score0.00426EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.11 views

FreeRDP 安全漏洞

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.24.2 contained security vulnerabilities. These vulnerabilities stemmed from the progressivedecompresstileupgrade function, which only issued a warning after detecting mismatches and...

6.5CVSS5.8AI score0.00426EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/30 12:0 a.m.3 views

Security update for libjxl (moderate)

openSUSE Security Update: Security update for libjxl Announcement ID: openSUSE-SU-2026:0107-1 Rating: moderate References: 1258090 Cross-References: CVE-2025-12474 CVSS scores: CVE-2025-12474 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE...

6.9CVSS5.9AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 3:30 p.m.6 views

EUVD-2026-14901

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

7.8CVSS6.1AI score0.00553EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.9 views

CVE-2021-33647

When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers...

7.5CVSS7AI score0.00852EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.3 views

CVE-2025-23573

Cross-Site Request Forgery CSRF vulnerability in sammyb WP Background Tile wp-background-tile allows Stored XSS.This issue affects WP Background Tile: from n/a through = 1.0...

7.1CVSS7.2AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/06 2:2 a.m.4 views

CVE-2025-67419

A Denial of Service DoS vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...

7.5CVSS6.9AI score0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/05 12:0 a.m.24 views

CVE-2025-67419

A Denial of Service DoS vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...

0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/05 12:0 a.m.5 views

EUVD-2026-0799

A Denial of Service DoS vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...

7.5CVSS6.4AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-29136

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.2 Description FreeRDP is a free implementation of the Remote Desktop Protocol. The progressive decompress tile upgrade function detects a mismatch through progressive rfx quant cmp equal but only emits a warning,...

9.8CVSS5.9AI score0.00426EPSS
Exploits1References58
Veracode
Veracode
added 2025/11/19 1:19 p.m.8 views

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial of Service DoS. The vulnerability is due to unsigned integer underflow and division-by-zero conditions in the CLAHEImage function when tile width or height is zero, which allows an attacker to trigger out-of-bounds memory access or application crashes by...

5.5CVSS6.9AI score0.00334EPSS
Exploits1References4Affected Software13
OSV
OSV
added 2025/10/31 2:13 p.m.3 views

OESA-2025-2589 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

5.5CVSS6.8AI score0.00334EPSS
Exploits1References2
OSV
OSV
added 2025/10/31 2:13 p.m.2 views

OESA-2025-2587 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

5.5CVSS6.8AI score0.00334EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/10/30 12:0 a.m.3 views

ImageMagick < 7.1.2-8 DoS (GHSA-wpp4-vqfq-v4hp)

The remote host has a version of ImageMagick installed that is prior to prior to 7.1.2-8. It is, therefore, affected by denial of service vulnerability as referenced in GHSA-wpp4-vqfq-v4hp advisory. - ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick...

5.5CVSS5.4AI score0.00334EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/10/29 12:23 a.m.4 views

SUSE CVE-2025-62594

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow...

5.3CVSS6.8AI score0.00334EPSS
Exploits1References7
Rows per page
Query Builder