155 matches found
DEBIAN-CVE-2026-59198
Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the generated TGA file. This issue is fixed in version 12.3.0...
CVE-2026-59198 Pillow TGA RLE encoder can serialize up to ~57 KB of adjacent heap data into generated images
Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the generated TGA file. This issue is fixed in version 12.3.0...
PT-2026-58089
Name of the Vulnerable Software and Affected Versions Pillow versions 5.2.0 through 12.2.x Description The TGA RLE encoder in the Pillow Python imaging library reads past its packed row buffer when saving a mode 1 image using TGA RLE compression. This behavior allows adjacent process heap bytes t...
freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...
CVE-2026-57158 FreeRDP planar_decompress_plane_rle_only: heap OOB read — incomplete fix for CVE-2026-23530
FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...
freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...
EUVD-2026-42020
A flaw was found in GIMP's PSD parser. An integer overflow in readRLEchannel can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitra...
CVE-2026-58384 Gimp: gimp: integer overflow in read_rle_channel()
A flaw was found in GIMP's PSD parser. An integer overflow in readRLEchannel can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitra...
CVE-2026-13705
CVE-2026-13705 affects Imager before 1.032 for Perl. The vulnerability is a heap out-of-bounds read in the bundled Imager::File::SGI reader caused by a 16-bit RLE literal run in read_rgb_16_rle. The code guards a pixel-count (count) with data_left, but each 16-bit sample uses two bytes; the copy ...
CVE-2026-56367
ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash...
CVE-2026-56367 ImageMagick - Heap Out-of-Bounds Read in PSB RLE Decoding
ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash...
CVE-2026-45700
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...
CVE-2026-45700 Heap-buffer-overflow write in planar bitmap decoder
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdpbitmapdecompressplanar validates the X destination coordinate nXDst against the...
CVE-2026-45700
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdpbitmapdecompressplanar validates the X destination coordinate nXDst against the...
CVE-2026-45700 Heap-buffer-overflow write in planar bitmap decoder
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdpbitmapdecompressplanar validates the X destination coordinate nXDst against the...
Astra Linux – Vulnerability in pillow
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files, due to improper handling of offset and length tables...
Astra Linux – Vulnerability in ffmpeg5
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, decompress and decode it into the buffer td-rlerawdata of size rlerawsize a...
SUSE CVE-2026-43904
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...
CVE-2026-43904
A flaw was found in OpenImageIO. When processing a specially crafted .pic image file, the software fails to properly clamp the run length during Run Length Encoding RLE image processing. This oversight can lead to a heap overflow, allowing a remote attacker to potentially execute arbitrary code,...
CVE-2026-43903
A flaw was found in OpenImageIO. A remote attacker could exploit this vulnerability by providing a specially crafted .sgi image file. This file, with a Run-Length Encoding RLE count exceeding the scanline width, can cause a heap buffer overflow. Successful exploitation leads to a denial of servic...