
23097 matches found

Packet Storm News
added 2025/08/02 12:0 a.m. · 2 views

Think Broad, Act Narrow: CWE Identification with Multi-Agent Large Language Models

Machine learning and large language models (LLMs) for vulnerability detection have received significant attention in recent years. Unfortunately, state-of-the-art techniques show that LLMs are unsuccessful in even distinguishing the vulnerable function from its benign counterpart, due to three main...

AI score 6.7 · Exploits 0

NVD
added 2025/08/01 5:15 p.m. · 5 views

CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVSS 5.5 · EPSS 0.00242 · Exploits 1 · References 2

CVE
added 2025/08/01 4:32 p.m. · 40 views

CVE-2025-48074

OpenEXR (v3.3.2) is vulnerable due to unvalidated dataWindow size values in file headers, causing excessive memory allocation and potential performance degradation or denial of service. The issue is fixed in v3.3.3; affected component is the OpenEXR EXR reader/writer code that processes header da...

CVSS 5.5 · AI score 6.4 · EPSS 0.00242 · Exploits 1 · References 2 · Affected Software 1

Debian CVE
added 2025/08/01 4:32 p.m. · 6 views

CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVSS 5.5 · AI score 5.2 · EPSS 0.00242 · Exploits 1

OSV
added 2025/08/01 4:32 p.m. · 3 views

CVE-2025-48074 OpenEXR's Unbounded File Header Values can Lead to Out-Of-Memory Errors

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVSS 4.6 · AI score 6.5 · EPSS 0.00242 · Exploits 1 · References 4

OSV
added 2025/08/01 1:2 p.m. · 2 views

OESA-2025-1922 libtiff security update

This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. And contains command-line programs for manipulating TIFF format image files using the libtiff...

CVSS 7.8 · AI score 7 · EPSS 0.00271 · Exploits 1 · References 2

BDU FSTEC
added 2025/08/01 12:0 a.m. · 5 views

The vulnerability of the readConfig() function in the TraceConfiguration.cpp module of the “Red Database” database management system allows a hacker to cause a service failure.

The vulnerability of the readConfig function in the TraceConfiguration.cpp module of the “Red Database” database management system is related to the incorrect processing of the timeformat parameter. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 4.9 · AI score 5.5 · Exploits 0 · References 2 · Affected Software 2

NVD
added 2025/07/31 9:15 p.m. · 9 views

CVE-2025-48071

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files...

CVSS 8.4 · EPSS 0.00299 · Exploits 1 · References 3

CVE
added 2025/07/31 8:25 p.m. · 35 views

CVE-2025-48073

OpenEXR 3.3.2 is vulnerable when reading a deep scanline image with a large sample count in reduceMemory mode, potentially crashing the target application via a NULL pointer dereference in a write operation. The issue is caused during the write path in ScanLineProcess::run_fill when the sample bu...

CVSS 6.2 · AI score 6.4 · EPSS 0.0019 · Exploits 1 · References 2 · Affected Software 1

Debian CVE
added 2025/07/31 8:25 p.m. · 4 views

CVE-2025-48073

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a...

CVSS 6.2 · AI score 5.3 · EPSS 0.0019 · Exploits 1

OSV
added 2025/07/31 8:25 p.m. · 5 views

CVE-2025-48073 OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a...

CVSS 4.6 · AI score 6.5 · EPSS 0.0019 · Exploits 1 · References 4

CVE
added 2025/07/31 8:18 p.m. · 24 views

CVE-2025-48072

OpenEXR 3.3.2 is vulnerable to a heap-based buffer overflow during read when decompressing DWAA-packed scan-line EXR files with a forged chunk. The root cause is bad pointer arithmetic in the DWAA decompressor, which can allow out-of-bounds reads. The issue is fixed in version 3.3.3. Exploitation...

CVSS 9.1 · AI score 6.8 · EPSS 0.00475 · Exploits 1 · References 3 · Affected Software 1

OSV
added 2025/07/31 8:13 p.m. · 4 views

CVE-2025-48071 OpenEXR's Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files...

CVSS 8.4 · AI score 6.9 · EPSS 0.00299 · Exploits 1 · References 5

CVE
added 2025/07/31 8:13 p.m. · 25 views

CVE-2025-48071

OpenEXR vulnerability CVE-2025-48071 is a heap-based buffer overflow in the EXR write/decompression path for ZIPS-packed deep scanline data when a forged chunk header causes the unpacked size to be inconsistent with the actual uncompressed data. The issue resides in OpenEXR’s chunk parsing and un...

CVSS 8.4 · AI score 7 · EPSS 0.00299 · Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2025/07/31 8:13 p.m. · 3 views

CVE-2025-48071 OpenEXR's Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files...

CVSS 8.4 · AI score 7 · EPSS 0.00299 · Exploits 1 · References 3

Cvelist
added 2025/07/31 8:13 p.m. · 9 views

CVE-2025-48071 OpenEXR's Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files...

CVSS 8.4 · EPSS 0.00299 · Exploits 1 · References 3

OSV
added 2025/07/31 7:23 p.m. · 2 views

GHSA-X22W-82JP-8RVF OpenEXR Out-Of-Memory via Unbounded File Header Values

Summary: The OpenEXR file format defines much information about the final image inside of the file header, such as the size of data/display window. The application trusts the value of dataWindow size provided in the header of the input file, and performs computations based on this value. This may...

CVSS 4.6 · AI score 6.9 · EPSS 0.00242 · Exploits 1 · References 5

SUSE Linux
added 2025/07/31 7:19 a.m. · 5 views

Security update for libarchive

This update for libarchive fixes the following issues: CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data function (bsc#1244272); CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window at archive_read_support_format_rar.c (bsc#1244273); CVE-2025-5916:...

CVSS 4.6 · AI score 7.1 · EPSS 0.00333 · Exploits 2 · References 20

Fedora
added 2025/07/31 12:53 a.m. · 6 views

[SECURITY] Fedora 42 Update: libtiff-4.7.0-6.fc42

The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

CVSS 7.8 · AI score 7.2 · EPSS 0.00271 · Exploits 2

Positive Technologies
added 2025/07/31 12:0 a.m. · 3 views

PT-2025-31588 · Openexr +1

Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.3.2. Description: OpenEXR is an image storage format used in the motion picture industry. A NULL pointer dereference can occur in a write operation when reading a deep scanline image with a large sample count in reduceMemory...

CVSS 6.2 · AI score 6.2 · EPSS 0.0019 · Exploits 1 · References 17