CVE-2026-8669

Imager versions through 1.030 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The page-match...

CVE-2026-8669

Imager versions through 1.030 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The page-match...

CVE-2026-8454

Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The...

PT-2026-41299

Name of the Vulnerable Software and Affected Versions Imager versions prior to 1.031 Description Imager for Perl allows a heap out of bounds OOB write—a memory corruption where data is written outside the boundaries of an allocated heap buffer—when processing crafted multi-frame GIF files. The i...

CVE-2026-44636

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

CVE-2026-44636

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

CVE-2026-44636

CVE-2026-44636 affects libsixel (SIXEL encoder/decoder). A signed integer overflow in sixel_encode_highcolor’s allocation size calculation (widthheight) can cause a heap buffer overflow when encoding very large pixel buffers; callers may trigger allocation wrapping if width height > INT_MAX. T...

CVE-2026-44636 libsixel: integer overflow in encoder

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

EUVD-2026-30409

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

CVE-2026-44636

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

CVE-2026-43904 OpenImageIO: Softimage PIC RLE decoder heap buffer overflow — longCount not clamped to image width

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the renderblockimage function. An attacker can inject arbitrary CSS into the style attribute of an image element by supplying a crafted value to the :width: or :height: option, which is insufficiently validat...

GHSA-CCFX-MFMX-2FX9 Mistune Image Directive CSS Injection Vulnerability

Summary The Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". This pattern is applied via re.match which anchors only at the start of the string, not the end. Any value that begins with one or more digits passes validation,...

Mistune Image Directive CSS Injection Vulnerability

Summary The Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". This pattern is applied via re.match which anchors only at the start of the string, not the end. Any value that begins with one or more digits passes validation,...

PT-2026-41147

Name of the Vulnerable Software and Affected Versions mistune affected versions not specified Description The Image directive plugin fails to properly validate the :width: and :height: options. The validation uses a regular expression that only checks if the value starts with a digit, rather than...

CLSA-2026-1778602862 vim: Fix of 4 CVEs

CVE-2022-2175: fix invalid memory access in cmdlineinsertreg when using an expression on the command line; save/restore newcmdpos around the expression evaluation exgetln.c, upstream patch 8.2.5148; hunk 3 context adjusted for 8.2.2637 - CVE-2022-3256: fix use-after-free in movemark when an...

Unity Linux 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-017435)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017435 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions a malicious server might trigger out of...

CVE-2026-42241

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

CVE-2026-42241 ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

CVE-2026-42241

ParquetSharp (a .NET library for Parquet) has a vulnerability in DecimalConverter.ReadDecimal from 18.1.0 up to before 23.0.0.1 where a stackalloc is performed using an attacker‑supplied width, allowing stack overflow if a decimal column width is unreasonably large. In a service environment, this...