CLSA-2026-1780061802 Fix CVE(s): CVE-2026-42050
SECURITY UPDATE: fix stack-based buffer overflow in XTileImage triggered by a malicious MIFF file when right-clicking a tile to invoke the Load / Update menu item - debian/patches/CVE-2026-42050.patch: fix stack-based buffer overflow in XTileImage triggered by a malicious MIFF file when...
Stack-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the XTileImage function. An attacker can cause a denial of service by tricking a user into opening a specially crafted MIFF file and right-clicking a tile to invoke the Load / Update menu item. Remediation...
CVE-2026-42050
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerabilit...
CVE-2026-42050 ImageMagick: Stack buffer overflow in XTileImage
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerabilit...
EUVD-2026-29204
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerabilit...
CVE-2026-42050
ImageMagick pre-7.1.2-21 and pre-6.9.13-46 is affected by a stack buffer overflow in XTileImage triggered when processing a malicious MIFF file in the display tool via the Load/Update tile action. Public sources consistently describe this as a stack buffer overflow vulnerability in XTileImage, po...
CVE-2026-2079
A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executi...
EUVD-2026-5734
A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executi...
PT-2026-6897
Name of the Vulnerable Software and Affected Versions: yeqifu warehouse (affected versions not specified). Description: A flaw exists that can lead to improper authorization. The issue affects the addMenu, updateMenu, and deleteMenu functions within the MenuController.java file located in the...
EUVD-2022-51734
Malicious code in bioql PyPI...
CVE-2024-24134
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section...
CVE-2024-25419
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/updatemenu.php...
flusity CMS Cross-Site Request Forgery Vulnerability
flusity CMS is a user interaction interface solution where code can be easily changed or added. A cross-site request forgery vulnerability exists in flusity CMS version v2.33, which stems from a cross-site request forgery (CSRF) vulnerability in component /core/tools/updatemenu.php...
CVE-2024-24134
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section...
CVE-2024-24134
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section...
Cross site scripting
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section...
PT-2024-20287 · Unknown · Sourcecodester Online Food Menu
Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Food Menu version 1.0. Description: The issue concerns Cross Site Scripting (XSS) via the Menu Name and Description fields in the Update Menu section. This allows for potential malicious script injection. Recommendations: F...
Sourcecodester Online Food Menu Security Vulnerability
Online Food Menu is an online food menu for rems individual developers. A security vulnerability exists in Sourcecodester Online Food Menu version 1.0, which results from a cross-site scripting (XSS) attack on the Menu Name and Description fields in the Update Menu section...
CVE-2024-24134
The CVE-2024-24134 entry pertains to Sourcecodester Online Food Menu 1.0, vulnerable to Cross Site Scripting (XSS) via the Update Menu fields “Menu Name” and “Description.” The issue is caused by unsanitized input in these fields, enabling script injection. Connected sources corroborate the XSS r...
CVE-2024-24134
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section...