147 matches found
SUSE CVE-2025-59730
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
SUSE CVE-2025-59731
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, we decompress and decode into the buffer td-rlerawdata of size rlerawsize a...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the oldcodec48 process when decoding SANM frames using run-length encoding, as the decoded data may exceed the allocated buffer size. An attacker can cause memory corruption or potentially execute arbitrary code b...
CVE-2025-59731
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, we decompress and decode into the buffer td-rlerawdata of size rlerawsize a...
UBUNTU-CVE-2025-59730
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
EUVD-2025-32516
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, we decompress and decode into the buffer td-rlerawdata of size rlerawsize a...
CVE-2025-59731
OpenEXR/FFmpeg CVE-2025-59731 describes a vulnerability in DWAA/DWAB run-length decoding where the rle_raw_size is not checked when calculating output data. The decoder reads rle_raw_size, decompresses into td->rle_raw_data, and may access entries up to (td->xsize-1)*(td->ysize-1) + rle_...
CVE-2025-59731
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, we decompress and decode into the buffer td-rlerawdata of size rlerawsize a...
EUVD-2025-32517
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
CVE-2025-59730
CVE-2025-59730 affects SANM/ANIM v0 frames decoded by the old_codec48 path in FFmpeg. The issue: when decoding a frame, the run-length encoded data can exceed the allocated buffer because there are no bounds checks for decoded frame size, causing a heap-buffer-overflow. Affected component/functio...
CVE-2025-59730 Heap-buffer-overflow write in FFmpeg SANM decoding due to lack of bounds-checking in old_codec48
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
CVE-2025-59730
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
EUVD-2025-25738
Malicious code in bioql PyPI...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the PSD RLE Decoding functionality. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted .psd file that triggers a heap-based buffer overflow during...
CVE-2025-53085
CVE-2025-53085 impacts the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8 . The vulnerability is described as a memory corruption causing a heap-based buffer overflow when decompressing image data from a specially crafted PSD file, enabling remote code execution. Exploit...
CVE-2025-52930
A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...
CVE-2025-52930
CVE-2025-52930 affects the BMPv3 RLE Decoding functionality in the SAIL Image Decoding Library v0.9.8 . A memory corruption due to a heap-based buffer overflow during BMP data decompression can lead to remote code execution if an attacker can induce the library to read a specially crafted BMP fil...
SAIL 安全漏洞
SAIL is an image decoding library from SAIL open source. A security vulnerability exists in SAIL version 0.9.8, which stems from a heap buffer overflow in the BMPv3 RLE decoding function that could lead to remote code execution...
PT-2025-34626 · Unknown · Sail Image Decoding Library
Name of the Vulnerable Software and Affected Versions: SAIL Image Decoding Library version 0.9.8 Description: A memory corruption issue exists in the PSD RLE Decoding functionality. Decompressing image data from a crafted .psd file can lead to a heap-based buffer overflow, potentially allowing fo...
Linux Distros Unpatched Vulnerability : CVE-2022-38143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to...