CVE-2026-34545 OpenEXR: integer overflow lead to OOB in HTJ2K decoder

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...

CLSA-2026-1774999144 ImageMagick: Fix of 7 CVEs

CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDouble functions - CVE-2026-25985: fix memory allocation without limits in SVG decoder -...

CLSA-2026-1774997937 ImageMagick: Fix of 7 CVEs

CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDouble functions - CVE-2026-25985: fix memory allocation without limits in SVG decoder -...

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1500)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1500 advisory. A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a remote attacker to perform an out-of-bounds write via a specially crafted image...

PT-2026-29638

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi gif load next in the library stb image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public an...

Medium: ImageMagick

Issue Overview: A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a remote attacker to perform an out-of-bounds write via a specially crafted image. This can lead to a Denial of Service DoS and potentially information disclosure...

Important: ImageMagick

Issue Overview: A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a remote attacker to perform an out-of-bounds write via a specially crafted image. This can lead to a Denial of Service DoS and potentially information disclosure...

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3220 (ALAS-2026-3220)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3220 advisory. A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a...

CVE-2026-5190

Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, user...

CVE-2026-5190

Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, user...

CVE-2026-5190

The CVE-2026-5190 entry concerns aws-c-event-stream’s streaming decoder, where an out-of-bounds write prior to version 0.6.0 can allow memory corruption and potentially arbitrary code execution on a client application that processes crafted event-stream messages. Affected component: streaming dec...

CVE-2026-5190 AWS C Event Stream Streaming Decoder Stack Buffer Overflow

Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, user...

EUVD-2026-17575

Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, user...

EUVD-2024-55511

Sereal::Decoder versions from 4.000 through 4.009002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Sereal::Decoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of...

CVE-2024-14030

Sereal::Decoder versions from 4.000 through 4.009002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Decoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prio...

CVE-2024-14030

Sereal::Decoder versions from 4.000 through 4.009002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Sereal::Decoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of...

CVE-2024-14030 Sereal::Decoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library

Sereal::Decoder versions from 4.000 through 4.009002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Sereal::Decoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of...

CVE-2024-14030

Sereal::Decoder for Perl versions 4.000–4.009_002 embeds Zstandard (zstd) prior to 1.3.8, which has a race-condition in one-pass compression that can cause a out-of-bounds write if the output buffer is undersized (CVE-2019-11922). Affected product: Sereal::Decoder (Perl); vulnerable component: em...

CVE-2024-14030

Sereal::Decoder versions from 4.000 through 4.009002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Decoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prio...

Sereal::Decoder 安全漏洞

Sereal::Decoder is a decoding module developed by YVES’s individual developers, designed for parsing high-performance binary serialization data formats. Versions 4.000 to 4.009002 of Sereal::Decoder contain security vulnerabilities. These vulnerabilities stem from a buffer out-of-bounds write fla...