Lucene search
+L

30 matches found

Snyk
Snyk
added 2026/07/01 7:25 p.m.3 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

8.8CVSS6AI score0.0022EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 7:16 p.m.6 views

CVE-2026-53466

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been...

6.5CVSS0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 6:20 p.m.11 views

CVE-2026-53466

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been...

6.5CVSS5.8AI score0.0022EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.15 views

Astra Linux – Vulnerability in sdl-image1.2

SDLimage is a library for loading images of various formats as SDL surfaces. In the dolayersurface function in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without being validated against the colormap size cmnum. A crafted .xcf file with a smal...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/07 11:25 p.m.6 views

SUSE CVE-2026-35444

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

6.1CVSS5.8AI score0.00262EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/06 10:16 p.m.5 views

CVE-2026-35444

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

7.1CVSS6AI score0.00262EPSS
Exploits0References5
OSV
OSV
added 2026/04/06 10:16 p.m.6 views

UBUNTU-CVE-2026-35444

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/06 9:44 p.m.7 views

EUVD-2026-19527

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:44 p.m.10 views

CVE-2026-35444

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/26 12:0 a.m.5 views

openSUSE 16 Security Update : gimp (openSUSE-SU-2026:20100-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20100-1 advisory. Changes in gimp: - CVE-2025-14422: Fixed PNM File Parsing Integer Overflow bsc1255293 - CVE-2025-14423: Fixed LBM File Parsing Stack-based Buffe...

7.8CVSS7.7AI score0.00544EPSS
Exploits1References12
OSV
OSV
added 2026/01/21 1:31 p.m.2 views

OPENSUSE-SU-2026:20100-1 Security update for gimp

This update for gimp fixes the following issues: Changes in gimp: - CVE-2025-14422: Fixed PNM File Parsing Integer Overflow bsc1255293 - CVE-2025-14423: Fixed LBM File Parsing Stack-based Buffer Overflow bsc1255294 - CVE-2025-14424: Fixed XCF File Parsing Use-After-Free bsc1255295 - CVE-2025-1442...

7.8CVSS5.8AI score0.00544EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2025/12/23 9:31 p.m.3 views

CVE-2025-14424 GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS7.2AI score0.00539EPSS
Exploits0References2
CVE
CVE
added 2025/12/23 9:31 p.m.22 views

CVE-2025-14424

The CVE-2025-14424 issue affects GIMP’s XCF file parsing and is described as a Use-After-Free resulting from not validating the existence of an object before operating on it, enabling potential remote code execution. Connected advisories confirm this vulnerability alongside related CVEs (e.g., CV...

7.8CVSS7.8AI score0.00539EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-5058

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image 2.0.4. A specially crafted XCF image can cause a heap...

8.8CVSS7.3AI score0.03616EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/06/23 2:0 a.m.3 views

gimp: Multiple use after free in XCF parser

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues...

7.3CVSS5.7AI score0.00168EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.8 views

The vulnerability of the GIMP graphic editor, related to copying buffers without checking the input data, allows a hacker to cause a service failure.

The vulnerability of the GIMP graphic editor relates to the copying of buffers without checking the input data. Exploiting this vulnerability allows a malicious actor to cause service interruptions using a specially created XCF file...

7.8CVSS6.5AI score0.00729EPSS
Exploits1References11Affected Software4
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.3 views

SUSE CVE-2007-4986

Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted 1 .dcm, 2 .dib, 3 .xbm, 4 .xcf, or 5 .xwd image file, which triggers a heap-based buffer overflow...

6.8CVSS8AI score0.03286EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:58 a.m.4 views

SUSE CVE-2016-7529

coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service out-of-bounds read via a crafted XCF file...

6.5CVSS6.6AI score0.02991EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:41 a.m.3 views

SUSE CVE-2017-12691

The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service memory consumption via a crafted file...

6.5CVSS8.5AI score0.01913EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.5 views

SUSE CVE-2017-14449

A double-Free vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability...

8.8CVSS7.9AI score0.01677EPSS
Exploits0References5
Rows per page
Query Builder