4711 matches found

AlpineLinux
added 2026/04/06 3:22 p.m., 2 views

CVE-2026-34380

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undo_pxr24_impl in src/lib/OpenEXRCore/internal_pxr24.c at line 377. The...

CVSS 5.9, AI score 5.9, EPSS 0.00071
Exploits: 1
CVE
added 2026/04/06 3:21 p.m., 11 views

CVE-2026-34379

OpenEXR 3.4.9 addresses multiple CVEs including CVE-2026-34379: Misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression). Affected component: LossyDctDecoder in the DWA/DWAB path; root cause is a misaligned write that can cause undefined behavior. This up...

CVSS 7.1, AI score 6, EPSS 0.0009
Exploits: 1, References: 4, Affected Software: 1
Positive Technologies
added 2026/04/06 12:00 a.m., 2 views

PT-2026-30638

Memory corruption when decoding corrupted satellite data files with invalid signature offsets...

CVSS 8.8, AI score 5.9, EPSS 0.00011
Exploits: 0, References: 2
Positive Technologies
added 2026/04/06 12:00 a.m., 1 view

PT-2026-30658

Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.2.0 through 3.2.6, version 3.3.9, and version 3.4.9. Description: A memory write issue exists in the LossyDctDecoder_execute function within src/lib/OpenEXRCore/internal_dwa_decoder.h:749 when decoding DWA or DWAB-compressed E...

CVSS 8.4, AI score 5.1, EPSS 0.0009
Exploits: 3, References: 42
Packet Storm News
added 2026/04/06 12:00 a.m., 1 view

SigCorr 0.1.0

SigCorr detects cross-protocol attack chains spanning SS7/MAP, Diameter S6a, and GTPv2-C interfaces in mobile core networks. It performs unified subscriber identity correlation across protocol boundaries to detect multi-stage attacks that single-interface monitors miss. It is written in Java 17 a...

AI score 5.8
Exploits: 0
Positive Technologies
added 2026/04/06 12:00 a.m., 1 view

PT-2026-30659

Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.2.0 through 3.2.6, 3.3.9, and 3.4.9. Description: A signed integer overflow exists in the undo_pxr24_impl function within the OpenEXR library. The expression uint64 tw 3 calculates w * 3 as a signed 32-bit integer before...

CVSS 7.1, AI score 5.2, EPSS 0.0009
Exploits: 3, References: 48
Veracode
added 2026/04/04 5:36 a.m., 3 views

Information Disclosure

openexr is vulnerable to an information disclosure. The vulnerability is due to improper handling of heap memory during image decoding, which allows an attacker to craft a malicious EXR file that leaks sensitive memory data when processed...

CVSS 8.7, AI score 5.8, EPSS 0.0002
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/04/04 4:24 a.m., 0 views

GHSA-W48F-FWG7-WW6P @stablelib/cbor: Prototype poisoning via `__proto__` map keys in CBOR decoding

Summary: @stablelib/cbor decodes CBOR maps into ordinary JavaScript objects and assigns attacker-controlled keys directly onto those objects. A CBOR map key named `__proto__` therefore changes the prototype of the decoded object instead of becoming an ordinary data property. Details: The decoder builds m...

CVSS 8.9, AI score 5.9
Exploits: 0, References: 3
Snyk
added 2026/04/04 4:24 a.m., 1 view

Prototype Pollution

Overview: @stablelib/cbor is a CBOR encoder and decoder. Affected versions of this package are vulnerable to Prototype Pollution via the CBOR decoding process. An attacker can manipulate the prototype of decoded objects by supplying specially crafted map keys, such as `__proto__`, which can lead to...

CVSS 8.9, AI score 6.4
Exploits: 0, References: 2
Github Security Blog
added 2026/04/04 4:24 a.m., 5 views

@stablelib/cbor: Prototype poisoning via `__proto__` map keys in CBOR decoding

Summary: @stablelib/cbor decodes CBOR maps into ordinary JavaScript objects and assigns attacker-controlled keys directly onto those objects. A CBOR map key named `__proto__` therefore changes the prototype of the decoded object instead of becoming an ordinary data property. Details: The decoder builds m...

AI score 6
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2026/04/03 9:47 p.m., 3 views

EUVD-2026-18060

OpenEXR: integer overflow to OOB write in uncompress_b44_impl...

CVSS 8.4, AI score 5.9, EPSS 0.00007
Exploits: 1, References: 4
Fedora
added 2026/04/03 5:04 p.m., 6 views

[SECURITY] Fedora 42 Update: gstreamer1-vaapi-1.26.11-1.fc42

A collection of GStreamer plugins to let you make use of VA API video acceleration from GStreamer applications. Includes elements for video decoding, display, encoding and post-processing using VA API subject to hardware limitations...

AI score 5.9
Exploits: 0
Debian
added 2026/04/03 1:15 p.m., 1 view

[SECURITY] [DSA 6194-1] pyasn1 security update

Debian Security Advisory DSA-6194-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 03, 2026 https://www.debian.org/security/faq -...

CVSS 7.5, AI score 6.7, EPSS 0.00027
Exploits: 1
OSV
added 2026/04/03 10:14 a.m., 4 views

CLSA-2026-1775211239 openexr: Fix of 4 CVEs

CVE-2025-12495, CVE-2025-12839, CVE-2025-12840: fix heap buffer overflows in the C core decoding pipeline (missing nread validation in exr_read_chunk, missing packed/unpacked size check for uncompressed tiles, missing storage_mode guard in chunk offset computation) - CVE-2025-64181: fix use of...

CVSS 7.8, AI score 5.9, EPSS 0.0013
Exploits: 1, References: 1
OSV
added 2026/04/03 10:02 a.m., 4 views

CLSA-2026-1775210556 ghostscript: Fix of 4 CVEs

CVE-2025-27830: fix potential buffer overflow with DollarBlend in font serialization - CVE-2025-27831: prevent Unicode decoding overrun in txtwrite/docxwrite devices - CVE-2025-27835: fix confusion between bytes and shorts in glyph to Unicode conversion - CVE-2025-27836: fix potential print...

CVSS 9.8, AI score 6.9, EPSS 0.0017
Exploits: 0, References: 1
OSV
added 2026/04/03 12:07 a.m., 2 views

OSV-2026-512 Heap-buffer-overflow in g_utf8_get_char

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=498475244 Crash type: Heap-buffer-overflow READ 1 Crash state: g_utf8_get_char g_markup_escape_text fuzz_markup_escape_text.c...

AI score 5.9
Exploits: 0, References: 1
Ubuntu
added 2026/04/02 7:09 p.m., 3 views

USN-8146-1: libjxl vulnerability

Daniel Novomeský discovered that libjxl did not properly manage memory when decoding certain files. An attacker could use this issue to cause libjxl to crash, resulting in denial of service, or possibly execute arbitrary code...

CVSS 8.7, AI score 5.9, EPSS 0.00031
Exploits: 1
OSV
added 2026/04/02 7:09 p.m., 2 views

USN-8146-1 jpeg-xl vulnerability

Daniel Novomeský discovered that libjxl did not properly manage memory when decoding certain files. An attacker could use this issue to cause libjxl to crash, resulting in denial of service, or possibly execute arbitrary code...

CVSS 8.7, AI score 5.8, EPSS 0.00031
Exploits: 1, References: 2
Github Security Blog
added 2026/04/02 6:44 p.m., 3 views

Rack::Static header_rules bypass via URL-encoded paths

Summary: Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers...

CVSS 5.3, AI score 5.9, EPSS 0.00044
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2026/04/02 4:44 p.m., 1 view

CVE-2026-34786 Rack: Rack::Static header_rules bypass via URL-encoded paths

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

CVSS 5.3, AI score 5.8, EPSS 0.00044
Exploits: 0, References: 1