Autodesk 3ds Max 缓冲区错误漏洞

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. Autodesk 3ds Max has a buffer error vulnerability, which arises from the possibility of out-of-bounds writing during the parsing of specially crafted TIF files. Malicious actors may exploit this...

Astra Linux - уязвимость в exiv2

In Exiv2 versions 0.27.1, an uncontrolled memory allocation for PngChunk::parseChunkContent allows an attacker to cause a denial of service crash due to a std::badalloc exception through a crafted PNG image file...

Astra Linux - уязвимость в libjpeg-turbo

Libjpeg-turbo 1.5.2 has a NULL Pointer Dereference issue in files jdpostct.c and jquant1.c, due to a malicious JPEG file...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. A specially crafted JPEG file can cause the JPEG parser in grub2 to incorrectly check the boundaries of its internal buffers, leading to an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is still a concer...

ALSA-2026:19359 Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...

PT-2026-41064

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An out of bounds read in the Media component allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory by using ...

Unity Linux 20.1060e / 20.1070e Security Update: exiv2 (UTSA-2026-017634)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017634 advisory. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2...

ALSA-2026:15887 Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...

LibRaw: LibRaw: Arbitrary code execution via specially crafted image file

A flaw was found in LibRaw, a library used for processing raw image files. This vulnerability, a heap-based buffer overflow, exists within the x3fthumbloader functionality. A remote attacker could exploit this by tricking a user into opening a specially crafted malicious file. Successful...

LibRaw: LibRaw: Arbitrary code execution via specially crafted image file

A flaw was found in LibRaw, a library used for processing raw image files. This vulnerability, a heap-based buffer overflow, exists within the x3fthumbloader functionality. A remote attacker could exploit this by tricking a user into opening a specially crafted malicious file. Successful...

LibRaw security update

An update is available for LibRaw. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibRaw is a library for reading RAW files obtained from digital photo cameras...

LibRaw: LibRaw: Arbitrary code execution via specially crafted image file

A flaw was found in LibRaw, a library used for processing raw image files. This vulnerability, a heap-based buffer overflow, exists within the x3fthumbloader functionality. A remote attacker could exploit this by tricking a user into opening a specially crafted malicious file. Successful...

Important: LibRaw security update

LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw: LibRaw: Memory Corruption via Malicious File Processing CVE-2026-24660 LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG...

Astra Linux - уязвимость в tiff

A memory leak flaw was discovered in Libtiff’s tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to deliver a crafted TIFF image file to the tiffcrop utility, which causes this memory leak issue. As a result, the application crashes, potentially...

CVE-2026-40250

A flaw was found in OpenEXR, a library for the EXR image file format. An integer overflow vulnerability exists in the internaldwacompressor.h component during the calculation of image channel dimensions. This issue, caused by insufficient handling of int32 arithmetic, could allow a local attacker...

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

PT-2026-33128

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icns slurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that proces...

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the undopxr24impl function. An attacker can access sensitive heap memory contents by submitting a specially crafted EXR file that triggers the decoder to read uninitialized memory and include it in the...

ROS-20260401-73-0025

A vulnerability in the pngsetquantize function of the libpng PNG raster graphics library is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code using a specially generated PNG file...

ROS-20260401-73-0013

A vulnerability in the pngimagefinishread function of the pngimagefinishread library for handling bitmap graphics in the PNG libpng format is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by loading a...