Lucene search
K

3159 matches found

Snyk
Snyk
added 2026/05/14 9:24 p.m.7 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the ConvertCbYCrYToRGB function. An attacker can cause a heap out-of-bounds write by supplying crafted image data that triggers a signed integer overflow in the pixel-loop index expression, potentially...

8.8CVSS6.2AI score0.00371EPSS
Exploits1References2
OSV
OSV
added 2026/05/14 8:17 p.m.6 views

DEBIAN-CVE-2026-43996

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decodepixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/14 8:17 p.m.8 views

CVE-2026-43996

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decodepixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References2
OSV
OSV
added 2026/05/14 8:17 p.m.8 views

UBUNTU-CVE-2026-43996

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decodepixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/14 7:8 p.m.10 views

CVE-2026-43996 OpenImageIO: Integer wraparound in bounds check of decode_pixel leads to out-of-bounds read in TGA paletted image decoder

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decodepixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 6:40 p.m.4 views

CLSA-2026-1778767103 Fix CVE(s): CVE-2026-25576, CVE-2026-28688, CVE-2026-28690

Security: - CVE-2026-25576: heap buffer over-read in raw pixel coders - CVE-2026-28688: use-after-free in MSL encoder - CVE-2026-28690: stack-based buffer overflow in MNG/JNG encoder...

6.9CVSS7.6AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

OpenImageIO 缓冲区错误漏洞

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a buffer error vulnerability. This vulnerability stemmed from...

5.5CVSS6AI score0.00177EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/13 6:58 a.m.7 views

FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/13 6:48 a.m.9 views

FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/13 5:54 a.m.12 views

FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/13 4:43 a.m.11 views

FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/13 1:5 a.m.10 views

FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References6
GoogleProjectZero
GoogleProjectZero
added 2026/05/13 12:0 a.m.37 views

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens

Posted by Seth Jenkins We recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible to go from a zero-click context to root on Android in just two exploits. The Dolby 0-click vulnerability existed across all of Android, until it was patched in January 2026. Whil...

9.8CVSS6.2AI score0.01613EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/05/12 11:31 p.m.12 views

FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/12 11:28 p.m.10 views

FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References6
OSV
OSV
added 2026/05/11 8:25 a.m.5 views

CLSA-2026-1778487942 Fix CVE(s): CVE-2026-25576

SECURITY UPDATE: fix heap buffer over-read in raw pixel coders when -extract dimensions exceed -size dimensions - debian/patches/CVE-2026-25576.patch: fix heap buffer over-read in raw pixel coders when -extract dimensions exceed -size dimensions - CVE-2026-25576...

5.5CVSS7.3AI score0.00181EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 8:24 a.m.5 views

CLSA-2026-1778487863 Fix CVE(s): CVE-2026-25576

SECURITY UPDATE: fix heap buffer over-read in raw pixel coders when -extract dimensions exceed -size dimensions - debian/patches/CVE-2026-25576.patch: fix heap buffer over-read in raw pixel coders when -extract dimensions exceed -size dimensions - CVE-2026-25576...

5.5CVSS7.3AI score0.00181EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017584)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017584 advisory. In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavi...

4.3CVSS6.7AI score0.01072EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.11 views

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017623)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017623 advisory. In RestoreMSCWarning of /coders/pdf.c there are several areas where calls to GetPixelIndex could result in values outside the range of representable for the unsigned...

4.3CVSS6.7AI score0.01161EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-38486

A read of pixels was coded as modifying coordinates to lie within the image bounds. It would calculate a coordinate by adding a constant to an input and taking the minimum of the resulting coordinate and 'dimension - 1'. This would not protect against malicious inputs that could overflow the...

6.9CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder