Lucene search
10 matches found

Rockylinux
added 2024/11/19 4:2 p.m. | 13 views

openexr security update

An update is available for openexr. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenEXR is an open-source high-dynamic-range floating-point image file format...

CVSS 9.1 | AI score 6.8 | EPSS 0.01248
Exploits: 1

RedHat Linux
added 2024/11/13 3:29 p.m. | 4 views

OpenEXR: Heap Overflow in Scanline Deep Data Parsing

A vulnerability was found in the Academy Software Foundation OpenEXR and requires that a malicious EXR file image is parsed by the target device or environment using OpenEXR. This issue occurs due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanlin...

CVSS 9.1 | AI score 5.8 | EPSS 0.01248
Exploits: 1 | References: 5

OSV
added 2024/11/13 12:0 a.m. | 14 views

ALSA-2024:9548 Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package contains the binaries for OpenEXR. Security Fixes:...

CVSS 9.1 | AI score 9.2 | EPSS 0.01248
Exploits: 1 | References: 4

Tenable Nessus
added 2024/11/05 12:0 a.m. | 10 views

RHEL 9 : openexr (RHSA-2024:8800)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8800 advisory. OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a...

CVSS 9.1 | AI score 8.2 | EPSS 0.01248
Exploits: 1 | References: 4

RedHat Linux
added 2024/11/04 12:22 p.m. | 5 views

OpenEXR: Heap Overflow in Scanline Deep Data Parsing

A vulnerability was found in the Academy Software Foundation OpenEXR and requires that a malicious EXR file image is parsed by the target device or environment using OpenEXR. This issue occurs due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanlin...

CVSS 9.1 | AI score 5.8 | EPSS 0.01248
Exploits: 1 | References: 5

OSV
added 2024/11/04 12:0 a.m. | 24 views

ALSA-2024:8800 Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package contains the binaries for OpenEXR. Security Fixes:...

CVSS 9.1 | AI score 9.2 | EPSS 0.01248
Exploits: 1 | References: 4

Tenable Nessus
added 2024/02/12 12:0 a.m. | 23 views

FreeBSD : openexr -- Heap Overflow in Scanline Deep Data Parsing (f161a5ad-c9bd-11ee-b7a7-353f1e043d9a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f161a5ad-c9bd-11ee-b7a7-353f1e043d9a advisory. - Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep...

CVSS 9.1 | AI score 8.5 | EPSS 0.01248
Exploits: 1 | References: 4

Cvelist
added 2024/02/01 6:28 p.m. | 20 views

CVE-2023-5841 OpenEXR Heap Overflow in Scanline Deep Data Parsing

Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...

AI score 9.5 | EPSS 0.01248
Exploits: 1 | References: 3

Ivan 'd0znpp' Novikov
added 2017/11/28 2:53 a.m. | 40 views

Top 3 Tech Challenges RASP/(ng)WAF Vendors Are Faced With

Here I’d like to share my experience and pain in building L7 data protection solutions which are frequently called WAF/ngWAFs or RASPs. I started to build it back in 2009 from a simple detection logic based on self-adopted heuristics for a CTF competition and then build an entire company on machi...

AI score 7
Exploits: 0

OSV
added 2017/08/27 12:0 a.m. | 0 views

UBUNTU-CVE-2017-12595

The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash ...

CVSS 7.8 | AI score 6.8 | EPSS 0.01804
Exploits: 0 | References: 3