39 matches found
CVE-2026-43903 OpenImageIO: SGI RLE decoder heap buffer overflow OIIO_DASSERT bounds checks are no-ops in release builds
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT for bounds checking in the RLE decode loop. In release builds, OIIO_DASSERT compiles to (void)sizeof(x)...
MiracleLinux 8 : python-pillow-5.1.1-16.el8 (AXSA:2021-2760:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2760:01 advisory. python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25287); python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25288)...
MiracleLinux 3 : cups-1.2.4-11.18.2.1AXS3 (AXSA:2008-510:05)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-510:05 advisory. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX® operating systems. This patch fixes the following bugs: CVE-2008-36...
EUVD-2021-0182
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-11538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than...
SUSE CVE-2020-35655
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...
EulerOS Virtualization 2.9.1 : python-pillow (EulerOS-SA-2021-1729)
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. (CVE-2020-5313) - An out-of-bounds write flaw was...
OESA-2021-1146 python-pillow security update
Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. Security Fixes: In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SG...
DEBIAN-CVE-2021-25293
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c...
PYSEC-2021-39
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c...
GHSA-HF64-X4GQ-P99H Pillow Out-of-bounds Read
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...
Accusoft ImageGear out-of-bounds write vulnerability (CNVD-2021-12102)
Accusoft ImageGear is a multi-platform, multi-language document imaging developer toolkit. An out-of-bounds write vulnerability exists in the SGI RLE decompression feature of Accusoft ImageGear 19.8. An attacker could exploit this vulnerability via specially crafted files to achieve code executio...
CVE-2020-13571
An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-13571
An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Cross site scripting
An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-13571
CVE-2020-13571 affects Accusoft ImageGear 19.8, specifically the SGI RLE decompression path. The Talos analysis details an out-of-bounds write in sgiread (sgiread.c) caused by a missing input-size check in the RLE decoding flow, leading to a memory overwrite during a ReadFile/IO_read sequence. Ke...
CVE-2020-13571
An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Accusoft ImageGear SGI RLE decompression out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2020-1182 Accusoft ImageGear SGI RLE decompression out-of-bounds write vulnerability February 9, 2021 CVE Number CVE-2020-13571 Summary An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially...
Accusoft ImageGear buffer error vulnerability
Accusoft ImageGear is a multi-platform, multi-language document imaging developer toolkit. An out-of-bounds write vulnerability exists in the SGI RLE decompression feature of Accusoft ImageGear 19.8. An attacker could exploit this vulnerability via specially crafted files to achieve code executio...
CVE-2020-35655
A flaw was found in python-pillow. SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...