Lucene search
+L

5 matches found

cvelist
cvelist
added 2026/04/06 3:33 p.m.33 views

CVE-2026-34589 OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.4CVSS0.00419EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/04/06 3:33 p.m.2 views

CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.8CVSS5.8AI score0.00419EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/04/06 3:31 p.m.3 views

CVE-2026-34588 OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.6CVSS7.1AI score0.00482EPSS
Exploits1References22
attackerkb
attackerkb
added 2026/04/06 3:21 p.m.4 views

CVE-2026-34379

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...

7.1CVSS5.9AI score0.00283EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/03/03 6:16 p.m.2 views

DEBIAN-CVE-2025-15599

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

5.1CVSS5AI score0.00245EPSS
Exploits0References1
Rows per page
Query Builder