JLSEC-2026-494 WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.

ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob...

EUVD-2015-6880

Malware in sbrugna...

EUVD-2007-1460

Malware in sbrugna...

EUVD-2021-24581

Malware in sbrugna...

EUVD-2007-0006

Malware in sbrugna...

EUVD-2010-0167

Malware in sbrugna...

EUVD-2012-4825

Malware in sbrugna...

EUVD-2021-24583

Malware in sbrugna...

EUVD-2012-2144

Malware in sbrugna...

EUVD-2022-47685

Malicious code in bioql PyPI...

Medium: GraphicsMagick

Issue Overview: ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. CVE-2025-27795 ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob. CVE-2025-27796...

CVE-2021-38110

Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issu...

CVE-2021-38108

Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issu...

CVE-2012-4900

Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference...

SUSE CVE-2007-0002

Multiple heap-based buffer overflows in WordPerfect Document importer/exporter libwpd before 0.8.9 allow user-assisted remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not proper...

SUSE CVE-2007-1466

Integer overflow in the WP6GeneralTextPacket::readContents function in WordPerfect Document importer/exporter libwpd before 0.8.9 allows user-assisted remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted WordPerfect file, a different...

SUSE CVE-2012-2149

The WPXContentListener::closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org OOo before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report th...

SUSE CVE-2014-9814

ImageMagick allows remote attackers to cause a denial of service NULL pointer dereference via a crafted wpg file...

SUSE CVE-2016-7997

The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service assertion failure and crash via vectors related to a ReferenceBlob and a NULL pointer...

SUSE CVE-2017-16546

The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service use of uninitialized data or invalid memory allocation or possibly have unspecified other impact via a...