NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the ScanLineProcess::runfill function when processing deep scanline images with large sample counts in reduceMemory mode. An attacker can cause the application to crash by providing a specially crafted image...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via undozipimpl function during a write operation when decompressing ZIPS-packed deep scan-line EXR files. An attacker can write arbitrary data to the heap and potentially execute code by supplying a specially...

Heap-based Buffer Overflow

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Heap-based Buffer Overflow via undozipimpl function during a write operation when decompressing ZIPS-packed deep scan-line EXR files. An attacker can write arbitrary data to...

OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size

Summary The OpenEXRCore code is vulnerable to a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. Details When parsing STORAGEDEEPSCANLINE chunks from an EXR file, the following code from...

GHSA-H45X-QHG2-Q375 OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size

Summary The OpenEXRCore code is vulnerable to a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. Details When parsing STORAGEDEEPSCANLINE chunks from an EXR file, the following code from...

OpenEXR 安全漏洞

OpenEXR is an open standard for high dynamic range image HDR file formats. A heap buffer overflow vulnerability exists in OpenEXR versions 3.3.0 through 3.3.2 when decompressing ZIPS-compressed deep scanline EXR files, which originates from a write operation out of bounds when processing...

OpenEXR 代码问题漏洞

OpenEXR is a high dynamic range image file format designed for the movie industry. A null pointer dereference vulnerability exists in OpenEXR version 3.3.2 when reading a deep scanline image containing a large number of sample points in reduceMemory mode, which stems from a null pointer exception...

SUSE-SU-2025:02527-1 Security update for polkit

This update for polkit fixes the following issues: - CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. bsc1246472...

Ruby REXML < 3.3.6 DoS vulnerability

The version of the REXML Ruby library installed on the remote host is prior to 3.3.6. It is, therefore, affected by a DoS vulnerability. The vulnerability lies when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree...

AZL-65379 CVE-2025-7519 affecting package polkit for versions less than 0.119-4

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account i...

Phishing Detection in the Gen-AI Era: Quantized LLMs Vs Classical Models

Phishing attacks are becoming increasingly sophisticated, underscoring the need for detection systems that strike a balance between high accuracy and computational efficiency. This paper presents a comparative evaluation of traditional Machine Learning ML, Deep Learning DL, and quantized...

Beyond Training-Time Poisoning: Component-Level and Post-Training Backdoors in Deep Reinforcement Learning

Deep Reinforcement Learning DRL systems are increasingly used in safety-critical applications, yet their security remains severely underexplored. This work investigates backdoor attacks, which implant hidden triggers that cause malicious actions only when specific inputs appear in the observation...

README: Robust Error-Aware Digital Signature Framework Via Deep Watermarking Model

Deep learning-based watermarking has emerged as a promising solution for robust image authentication and protection. However, existing models are limited by low embedding capacity and vulnerability to bit-level errors, making them unsuitable for cryptographic applications such as digital...

Adaptive Malware Detection Using Sequential Feature Selection: a Dueling Double Deep Q-Network (D3QN) Framework for Intelligent Classification

Traditional malware detection methods exhibit computational inefficiency due to exhaustive feature extraction requirements, creating accuracy-efficiency trade-offs that limit real-time deployment. We formulate malware classification as a Markov Decision Process with episodic feature acquisition a...

CVE-2025-52999

jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...

Universal and Efficient Detection of Adversarial Data through Nonuniform Impact on Network Layers

Deep Neural Networks DNNs are notoriously vulnerable to adversarial input designs with limited noise budgets. While numerous successful attacks with subtle modifications to original input have been proposed, defense techniques against these attacks are relatively understudied. Existing defense...

Autonomous Cyber Resilience Via a Co-Evolutionary Arms Race within a Fortified Digital Twin Sandbox

The convergence of IT and OT has created hyper-connected ICS, exposing critical infrastructure to a new class of adaptive, intelligent adversaries that render static defenses obsolete. Existing security paradigms often fail to address a foundational "Trinity of Trust," comprising the fidelity of...

CVE-2025-30642

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service DoS situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVE-2025-30641

A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2025-30640

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...