16 matches found
CVE-2026-42144
This CVE affects the CImg Library: an integer overflow in the WHD size computation inside _load_pnm() can bypass the memory allocation guard, leading to a potentially undersized heap buffer and heap buffer overflow when loading crafted PNM/PGM/PPM images. The issue is mitigated by the patch intr...
PT-2026-36892
Name of the Vulnerable Software and Affected Versions: CImg Library versions prior to commit 4ca26bc Description: An integer overflow exists in the _load_pnm() function during the computation of WHD size. A specially crafted PNM, PGM, or PPM file containing large dimension values can cause the...
HCL AION Security Bypass Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security bypass vulnerability that is caused by a container base image not being properly authenticated. An attacker can exploit the vulnerability to cause the use of an untrusted container image...
EUVD-2025-208721
HCL AION is affected by a vulnerability where container base images are not properly authenticated. This may expose the system to potential security risks such as usage of untrusted container images, which could lead to unintended behaviour or security impact...
AZL-78282 CVE-2026-27211 affecting package cloud-hypervisor 48.0.246-1
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 are vulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...
CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 are vulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...
CVE-2020-6345
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...
PT-2024-37720 · Renesas +1 · R-Car Gen3 +1
Name of the Vulnerable Software and Affected Versions: Renesas R-Car Gen3 (affected versions not specified) Description: The issue is caused by a buffer overflow in the rcar_dev_init function due to the use of untrusted data rcar_image_number as a loop counter before verifying it against...
PT-2024-12815 · Joplin · Joplin
Name of the Vulnerable Software and Affected Versions: Joplin versions prior to 2.12.8 Description: A cross-site scripting (XSS) vulnerability in Joplin allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer preserves links, but unlike links, the target a...
USN-6170-1 libpod vulnerabilities
It was discovered that Podman incorrectly handled certain images. An attacker could possibly use this issue to pull an untrusted image...
AZL-25850 CVE-2023-28642 affecting package moby-runc for versions less than 1.1.5-1
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...
CVE-2023-28642
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...
PT-2021-7754 · Stb +3 · Stb +3
Name of the Vulnerable Software and Affected Versions: stb versions 2.26 Description: The issue is related to a buffer overflow vulnerability in the stbi__extend_receive function of the stb_image.h component in the stb library for C/C++. This vulnerability can be exploited by a remote attacker usi...
CVE-2020-27823
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Mitigation This flaw can be mitigated by...
PT-2019-13267 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader version 9.5.0.20723 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The fla...
Important: Red Hat Security Advisory: New imlib packages available
Updated imlib packages are now available for Red Hat Linux 6.2, 7, 7.1 and 7.2 which fix potential problems loading untrusted images. Imlib versions prior to 1.9.13 would fall back to loading images via the NetPBM package, which has various problems making it unsuitable for loading untrusted...