405 matches found
CVE-2026-27281
DVE-2024-2026: CVE-2026-27281 affects DNG SDK up to version 1.7.1 2471 and earlier. The flaw is an Integer Overflow or Wraparound (CWE-190) in a component used by the SDK, leading to an application denial-of-service. Exploitation requires user interaction: a victim must open a malicious file. The...
CVE-2026-27281 DNG SDK | Integer Overflow or Wraparound (CWE-190)
DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user...
CVE-2026-27281 DNG SDK | Integer Overflow or Wraparound (CWE-190)
DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user...
CVE-2026-27280 DNG SDK | Out-of-bounds Write (CWE-787)
DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-27280
CVE-2026-27280 affects DNG SDK versions 1.7.1 build 2471 and earlier, with an out-of-bounds write (CWE-787) that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The CVSS 3.1 vector is Local/Low...
Adobe DNG SDK 输入验证错误漏洞
Adobe DNG SDK is the United States of America Audobee Adobe company's a software development kit to provide the ability to read and write DNG files. An input validation error vulnerability exists in Adobe DNG SDK, which can be exploited by an attacker to cause a denial of service in an applicatio...
Adobe DNG SDK 缓冲区错误漏洞
Adobe DNG SDK is the United States of America Audobee Adobe company's a software development kit to provide the ability to read and write DNG files. An out-of-bounds write vulnerability exists in Adobe DNG SDK, which can be exploited by an attacker to cause arbitrary code to be executed in the...
📄 Adobe SDK 1.7.1 2410 Integer Overflow / Denial of Service
A logic flaw in the processing of the ProfileHueSatMapDims 0xC6F5 tag within the Adobe DNG SDK can lead to an integer overflow condition when parsing crafted DNG files. By supplying excessively large dimension values e.g., 0x15555554 in the Hue/Saturation map metadata, an attacker can trigger...
📄 Adobe DNG SDK 1.7.1 2410 Integer Overflow
A potential security issue may arise when processing DNG Digital Negative files that embed JPEG XL JXL compressed image streams if image dimensions are not properly validated before memory allocation. In this scenario, specially crafted width and height values are embedded inside the JPEG XL stre...
Adobe DNG SDK Buffer Overflow Vulnerability
Adobe DNG SDK is the United States of America Audobee Adobe company's a software development kit to provide the ability to read and write DNG files. A buffer overflow vulnerability exists in Adobe DNG SDK, which can be exploited by an attacker to execute arbitrary code on a system or cause an...
📄 Samsung Malformed DNG ColorMatrix2 Out-Of-Bounds Read
A memory safety vulnerability was identified in Samsung’s image decoding library libimagecodec.quram.so, affecting the handling of DNG Digital Negative image files. The issue stems from improper bounds validation when parsing the ColorMatrix2 0xC622 tag within DNG metadata. By supplying a crafted...
📄 Samsung QuramDng Malformed DNG TrimBounds Opcode Out‑Of‑Bounds Read
A vulnerability exists in the image decoding logic of Quram DNG parser within libimagecodec.quram.so. The flawed bounds validation in handling TrimBounds opcode triggers out-of-bounds reads on heap-allocated image buffers. This issue allows remote attackers to craft a malicious DNG payload, embed...
📄 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner
This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices...
CVE-2026-21355
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim...
CVE-2026-21352
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-21353
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-21355
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim...
CVE-2026-21353
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-21352
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-21353
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...