182 matches found
CVE-2025-65834
Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to allocate excessive memory during image...
DEBIAN-CVE-2025-66628
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM PSX TIM image parser contains a critical integer overflow vulnerability in its ReadTIMImage function coders/tim.c. The code reads width and height 16-bit values from the file...
CVE-2025-66628
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM PSX TIM image parser contains a critical integer overflow vulnerability in its ReadTIMImage function coders/tim.c. The code reads width and height 16-bit values from the file...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ReadTIMImage function. An attacker can access sensitive memory contents by supplying a specially crafted TIM image file with large width and height values, causing an integer overflow and subsequent out-of-boun...
ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only)
Summary The TIM PSX TIM image parser in ImageMagick contains a critical integer overflow vulnerability in the ReadTIMImage function coders/tim.c. The code reads width and height 16-bit values from the file header and calculates imagesize = 2 width height without checking for overflow. On 32-bit...
CVE-2025-13678
The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied width and height shortcode attributes. This...
EUVD-2025-201398
The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied width and height shortcode attributes. This...
AZL-71555 CVE-2025-12385 affecting package qtdeclarative for versions less than 6.6.1-2
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick...
CVE-2025-12385 Improper validation of <img> tag size in Text component parser
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick...
CVE-2025-12385
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick...
CVE-2025-11860
The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitterfeed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and 'height' parameters. This makes it possible...
WordPress plugin Twitter Feed 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
CVE-2025-11813 Responsive iframe GoogleMap <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Responsive iframe GoogleMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsivemap' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on the 'width' and 'height' attributes. This makes it...
PT-2025-42625
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-7 and 6.9.13-32 Description ImageMagick is a software suite for displaying, converting, and editing raster image files. An integer overflow exists in the BMP decoder on 32-bit systems in versions prior to...
ROS-20251008-09
The Open Asset Import Library Assimp 3D model import library vulnerability is related to the manipulation of the mWidth/mHeight the mWidth/mHeight argument. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service The Open Asset Import Library Assimp 3D...
EUVD-2012-2764
Malware in sbrugna...
EUVD-2025-25815
Malicious code in bioql PyPI...
CLSA-2025-1759420505 Fix CVE(s): CVE-2025-55212
SECURITY UPDATE: denial of Service vulnerability due to zero dimensions crash - debian/patches/CVE-2025-55212.patch: Fix invalid width or height checks in ThumbnailImage method and add safe reciprocal function to avoid division by zero - CVE-2025-55212...
ROS-20250930-04
The Open Asset Import Library Assimp 3D model import library implementation vulnerability is related to manipulation of the skinwidth/skinheight argument. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in Open Asset Import Library Assimp 3D...
CVE-2025-59933
CVE-2025-59933 affects libvips prior to 8.17.2 when built with PDF support via poppler. A buffer read overflow occurs in pdfload during header parsing of crafted PDFs that define a width but not a height. Affected versions: 8.17.1 and earlier; unaffected when built without PDF support or with PDF...