Search CVE reports


Toggle filters

1 – 10 of 1260 results


CVE-2026-57966

Medium priority
Needs evaluation

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by...

1 affected package

spice-vdagent

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
spice-vdagent Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-57965

Medium priority
Needs evaluation

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent...

1 affected package

spice-vdagent

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
spice-vdagent Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-57964

Medium priority
Needs evaluation

[Unknown description]

1 affected package

spice-vdagent

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
spice-vdagent Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-46604

Medium priority
Needs evaluation

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.

1 affected package

golang-golang-x-image

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-image Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-46602

Medium priority
Needs evaluation

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.

1 affected package

golang-golang-x-image

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-image Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-46601

Medium priority
Needs evaluation

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.

1 affected package

golang-golang-x-image

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-image Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-56370

Medium priority
Needs evaluation

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying...

1 affected package

imagemagick

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
imagemagick Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-56368

Medium priority
Needs evaluation

ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images,...

1 affected package

imagemagick

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
imagemagick Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-56379

Medium priority
Needs evaluation

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick...

1 affected package

imagemagick

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
imagemagick Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-56376

Medium priority
Needs evaluation

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted...

1 affected package

imagemagick

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
imagemagick Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages