488 matches found
OSV-2026-548 UNKNOWN in ojph::local::precinct::parse
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=500177411 Crash type: UNKNOWN Crash state: ojph::local::precinct::parse ojph::local::resolution::parseoneprecinct ojph::local::tile::parsetileheader...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the dolayersurface process when pixel index values from decoded XCF tile data are used directly as colormap indices without validation against the colormap size. An attacker can cause heap out-of-bounds reads and...
CVE-2026-35444
SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...
GHSA-3H9H-QFVW-98HQ OpenEXR Makes Use of Uninitialized Memory
Summary While fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on uninitialized data inside genericunpack. This indicates a use of uninitialized memory CWE-457. The issue is reproducible with the current OSS-Fuzz harness and a single-file PoC. Details Environment: -...
CLSA-2026-1775211239 openexr: Fix of 4 CVEs
CVE-2025-12495 CVE-2025-12839 CVE-2025-12840: fix heap buffer overflows in the C core decoding pipeline missing nread validation in exrreadchunk, missing packed/unpacked size check for uncompressed tiles, missing storagemode guard in chunk offset computation - CVE-2025-64181: fix use of...
EUVD-2026-17227
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressivedecompresstileupgrade detects a mismatch via progressiverfxquantcmpequal but only emits WLogWARN, execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...
FreeRDP 安全漏洞
FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.24.2 contained security vulnerabilities. These vulnerabilities stemmed from the progressivedecompresstileupgrade function, which only issued a warning after detecting mismatches and...
Security update for libjxl (moderate)
openSUSE Security Update: Security update for libjxl Announcement ID: openSUSE-SU-2026:0107-1 Rating: moderate References: 1258090 Cross-References: CVE-2025-12474 CVSS scores: CVE-2025-12474 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE...
EUVD-2026-14901
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...
CVE-2021-33647
When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers...
CVE-2025-23573
Cross-Site Request Forgery CSRF vulnerability in sammyb WP Background Tile wp-background-tile allows Stored XSS.This issue affects WP Background Tile: from n/a through = 1.0...
CVE-2025-67419
A Denial of Service DoS vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...
CVE-2025-67419
A Denial of Service DoS vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...
EUVD-2026-0799
A Denial of Service DoS vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...
PT-2026-29136
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.2 Description FreeRDP is a free implementation of the Remote Desktop Protocol. The progressive decompress tile upgrade function detects a mismatch through progressive rfx quant cmp equal but only emits a warning,...
Denial Of Service (DoS)
ImageMagick is vulnerable to Denial of Service DoS. The vulnerability is due to unsigned integer underflow and division-by-zero conditions in the CLAHEImage function when tile width or height is zero, which allows an attacker to trigger out-of-bounds memory access or application crashes by...
OESA-2025-2589 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
OESA-2025-2587 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
ImageMagick < 7.1.2-8 DoS (GHSA-wpp4-vqfq-v4hp)
The remote host has a version of ImageMagick installed that is prior to prior to 7.1.2-8. It is, therefore, affected by denial of service vulnerability as referenced in GHSA-wpp4-vqfq-v4hp advisory. - ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick...
SUSE CVE-2025-62594
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow...