Monthly
Integer overflow in GIMP XPM file parser enables remote code execution when processing malicious XPM image files. Affects GIMP installations across platforms. Attackers can execute arbitrary code in victim's process context by delivering crafted XPM files via social engineering or drive-by downloads. Vulnerability requires user interaction (opening malicious file). CVSS 7.8 (High severity). No public exploit identified at time of analysis. Upstream patch committed to GIMP repository; vendor-released version not independently confirmed.
Remote code execution in GIMP via integer overflow during ANI (animated cursor) file parsing allows unauthenticated attackers to execute arbitrary code with user privileges when malicious ANI files are opened. Exploitation requires user interaction (opening crafted file or visiting attacker-controlled page). Insufficient validation of user-supplied data triggers integer overflow before buffer allocation, enabling memory corruption. No public exploit identified at time of analysis. CVSS 7.8 (High) reflects local attack vector with no privilege requirements.
Integer overflow in GIMP PSD file parser enables remote code execution when users open malicious PSD files. Affects GIMP installations across platforms. Exploitation requires user interaction (opening crafted file). Attacker achieves arbitrary code execution in application context with high confidentiality, integrity, and availability impact. Publicly available exploit code exists. Insufficient validation of user-supplied data during buffer allocation causes overflow, allowing memory corruption and code execution.
Integer overflow in wolfSSL CMAC implementation (versions ≤5.9.0) enables zero-effort cryptographic forgery. The wc_CmacUpdate function uses a 32-bit counter (totalSz) that wraps to zero after processing 4 GiB of data, erroneously discarding live CBC-MAC chain state. Attackers can forge CMAC authentication tags by crafting messages with identical suffixes beyond the 4 GiB boundary, undermining message authentication integrity in unauthenticated network contexts. No public exploit identified at time of analysis.
Remote denial-of-service in Apache ActiveMQ 6.0.0 through 6.2.3 allows unauthenticated network attackers to crash the MQTT broker via malformed control packets. An integer overflow in the MQTT protocol handler's remaining length field validation enables resource exhaustion without authentication. This vulnerability stems from an incomplete patch - the fix for CVE-2025-66168 was applied only to 5.19.x branches but omitted from all 6.x releases until 6.2.4. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).
Integer overflow in NVIDIA Triton Inference Server allows unauthenticated remote attackers to crash the server through malformed requests, causing denial of service. All versions prior to r26.02 are affected. CVSS 7.5 (High) with network attack vector, low complexity, and no authentication required. EPSS and KEV data not provided; no public exploit identified at time of analysis. Organizations running Triton Inference Server for ML model deployment should prioritize patching to prevent service disruption.
Heap-based buffer overflow in LibRaw's x3f_thumb_loader function allows remote code execution via malformed image files. The vulnerability affects LibRaw commit d20315b, a widely-used raw image processing library integrated into applications like ImageMagick, GIMP, and numerous photo management tools. The CVSS 9.8 critical rating reflects network-exploitable conditions requiring no authentication or user interaction. With an EPSS score not yet available and no CISA KEV listing, active exploitation is not confirmed at time of analysis, though the attack complexity is low and requires only delivering a specially crafted file to vulnerable processing workflows.
Heap buffer overflow in LibRaw's x3f_load_huffman function (commit d20315b) allows remote attackers to achieve arbitrary code execution via malicious X3F image files. The vulnerability stems from an integer overflow (CWE-190) leading to heap corruption. CVSS 8.1 reflects high impact across confidentiality, integrity, and availability, though attack complexity is rated high. EPSS data not available; no CISA KEV listing indicates no confirmed active exploitation at time of analysis. Reported by Cisco Talos (TALOS-2026-2359), affecting LibRaw's Sigma X3F raw image parsing functionality.
Heap buffer overflow in LibRaw's DNG image processing (commit 8dc68e2) enables remote code execution when parsing maliciously crafted uncompressed floating-point DNG files. The vulnerability stems from an integer overflow in uncompressed_fp_dng_load_raw that miscalculates buffer sizes, allowing network-based attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability (CVSS 8.1). No public exploit identified at time of analysis, though Cisco Talos has published technical details. Authentication requirements not confirmed from available data, but CVSS vector indicates no privileges required (PR:N).
Integer overflow in LibRaw's deflate_dng_load_raw function (commit 8dc68e2) enables remote heap buffer overflow via crafted DNG image files, allowing potential code execution without authentication. With CVSS 8.1 and network-accessible attack vector requiring no user interaction, this represents significant risk for applications processing untrusted DNG files. EPSS data not available; no public exploit identified at time of analysis.
Integer overflow in GIMP XPM file parser enables remote code execution when processing malicious XPM image files. Affects GIMP installations across platforms. Attackers can execute arbitrary code in victim's process context by delivering crafted XPM files via social engineering or drive-by downloads. Vulnerability requires user interaction (opening malicious file). CVSS 7.8 (High severity). No public exploit identified at time of analysis. Upstream patch committed to GIMP repository; vendor-released version not independently confirmed.
Remote code execution in GIMP via integer overflow during ANI (animated cursor) file parsing allows unauthenticated attackers to execute arbitrary code with user privileges when malicious ANI files are opened. Exploitation requires user interaction (opening crafted file or visiting attacker-controlled page). Insufficient validation of user-supplied data triggers integer overflow before buffer allocation, enabling memory corruption. No public exploit identified at time of analysis. CVSS 7.8 (High) reflects local attack vector with no privilege requirements.
Integer overflow in GIMP PSD file parser enables remote code execution when users open malicious PSD files. Affects GIMP installations across platforms. Exploitation requires user interaction (opening crafted file). Attacker achieves arbitrary code execution in application context with high confidentiality, integrity, and availability impact. Publicly available exploit code exists. Insufficient validation of user-supplied data during buffer allocation causes overflow, allowing memory corruption and code execution.
Integer overflow in wolfSSL CMAC implementation (versions ≤5.9.0) enables zero-effort cryptographic forgery. The wc_CmacUpdate function uses a 32-bit counter (totalSz) that wraps to zero after processing 4 GiB of data, erroneously discarding live CBC-MAC chain state. Attackers can forge CMAC authentication tags by crafting messages with identical suffixes beyond the 4 GiB boundary, undermining message authentication integrity in unauthenticated network contexts. No public exploit identified at time of analysis.
Remote denial-of-service in Apache ActiveMQ 6.0.0 through 6.2.3 allows unauthenticated network attackers to crash the MQTT broker via malformed control packets. An integer overflow in the MQTT protocol handler's remaining length field validation enables resource exhaustion without authentication. This vulnerability stems from an incomplete patch - the fix for CVE-2025-66168 was applied only to 5.19.x branches but omitted from all 6.x releases until 6.2.4. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).
Integer overflow in NVIDIA Triton Inference Server allows unauthenticated remote attackers to crash the server through malformed requests, causing denial of service. All versions prior to r26.02 are affected. CVSS 7.5 (High) with network attack vector, low complexity, and no authentication required. EPSS and KEV data not provided; no public exploit identified at time of analysis. Organizations running Triton Inference Server for ML model deployment should prioritize patching to prevent service disruption.
Heap-based buffer overflow in LibRaw's x3f_thumb_loader function allows remote code execution via malformed image files. The vulnerability affects LibRaw commit d20315b, a widely-used raw image processing library integrated into applications like ImageMagick, GIMP, and numerous photo management tools. The CVSS 9.8 critical rating reflects network-exploitable conditions requiring no authentication or user interaction. With an EPSS score not yet available and no CISA KEV listing, active exploitation is not confirmed at time of analysis, though the attack complexity is low and requires only delivering a specially crafted file to vulnerable processing workflows.
Heap buffer overflow in LibRaw's x3f_load_huffman function (commit d20315b) allows remote attackers to achieve arbitrary code execution via malicious X3F image files. The vulnerability stems from an integer overflow (CWE-190) leading to heap corruption. CVSS 8.1 reflects high impact across confidentiality, integrity, and availability, though attack complexity is rated high. EPSS data not available; no CISA KEV listing indicates no confirmed active exploitation at time of analysis. Reported by Cisco Talos (TALOS-2026-2359), affecting LibRaw's Sigma X3F raw image parsing functionality.
Heap buffer overflow in LibRaw's DNG image processing (commit 8dc68e2) enables remote code execution when parsing maliciously crafted uncompressed floating-point DNG files. The vulnerability stems from an integer overflow in uncompressed_fp_dng_load_raw that miscalculates buffer sizes, allowing network-based attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability (CVSS 8.1). No public exploit identified at time of analysis, though Cisco Talos has published technical details. Authentication requirements not confirmed from available data, but CVSS vector indicates no privileges required (PR:N).
Integer overflow in LibRaw's deflate_dng_load_raw function (commit 8dc68e2) enables remote heap buffer overflow via crafted DNG image files, allowing potential code execution without authentication. With CVSS 8.1 and network-accessible attack vector requiring no user interaction, this represents significant risk for applications processing untrusted DNG files. EPSS data not available; no public exploit identified at time of analysis.