Lucene search
K

405 matches found

OSV
OSV
added 2026/02/10 7:15 p.m.5 views

CVE-2026-21352

DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/10 6:32 p.m.27 views

CVE-2026-21352 DNG SDK | Out-of-bounds Write (CWE-787)

DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/10 6:32 p.m.3 views

CVE-2026-21352 DNG SDK | Out-of-bounds Write (CWE-787)

DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00157EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/10 6:32 p.m.3 views

CVE-2026-21354

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user...

5.5CVSS5.6AI score0.00139EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/10 6:32 p.m.3 views

CVE-2026-21354 DNG SDK | Integer Overflow or Wraparound (CWE-190)

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user...

5.5CVSS5.6AI score0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/10 6:32 p.m.25 views

CVE-2026-21354 DNG SDK | Integer Overflow or Wraparound (CWE-190)

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user...

5.5CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 6:32 p.m.19 views

CVE-2026-21354

The CVE-2026-21354 entry concerns the DNG SDK, affected in versions 1.7.1 2410 and earlier. The issue is an Integer Overflow or Wraparound that can lead to application denial-of-service. Exploitation requires user interaction: a victim must open a malicious file, potentially crashing or making th...

5.5CVSS5.6AI score0.00139EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/10 6:32 p.m.4 views

CVE-2026-21353 DNG SDK | Integer Overflow or Wraparound (CWE-190)

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 6:32 p.m.18 views

CVE-2026-21355

The CVE-2026-21355 entry concerns the DNG SDK, affected in versions 1.7.1 2410 and earlier. It describes an out-of-bounds read that could expose memory contents, with exploitation requiring a user to open a malicious file. The impact is memory exposure, not code execution per the provided text. C...

5.5CVSS5.4AI score0.00152EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/10 6:32 p.m.25 views

CVE-2026-21355 DNG SDK | Out-of-bounds Read (CWE-125)

DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim...

5.5CVSS0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

Adobe DNG SDK 输入验证错误漏洞

The Adobe DNG SDK is a software development kit provided by Adobe Inc. in the United States, which allows for the reading and writing of DNG files. Versions of the Adobe DNG SDK 1.7.1 2410 and earlier contained a vulnerability related to input validation errors. This vulnerability was caused by...

5.5CVSS5.8AI score0.00139EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

Adobe DNG SDK 缓冲区错误漏洞

The Adobe DNG SDK is a software development kit provided by Adobe Inc. in the United States, which allows for the reading and writing of DNG files. Versions of the Adobe DNG SDK 1.7.1 2410 and earlier contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds read...

5.5CVSS6AI score0.00152EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.6 views

PT-2026-7430

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user...

5.5CVSS5.6AI score0.00139EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.10 views

PT-2026-7429

Name of the Vulnerable Software and Affected Versions DNG SDK versions 1.7.1 2410 and earlier Description DNG SDK versions 1.7.1 2410 and earlier are susceptible to an Integer Overflow or Wraparound condition. Successful exploitation could lead to arbitrary code execution with the privileges of t...

7.8CVSS6.3AI score0.00184EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.275 views

📄 Samsung Quram DNG Remote Code Execution

A vulnerability exists in Samsung's image decoding library libimagecodec.quram.so responsible for parsing Digital Negatives DNG. A malformed DNG containing oversized IFD entries can cause heap corruption. With precise heap grooming, this condition may lead to remote code execution when the...

9.8CVSS6.4AI score0.01435EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.206 views

📄 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner

This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices...

7.5CVSS5.5AI score0.0022EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.199 views

📄 Samsung QuramDng Embedded DNG Out-Of-Bounds Read / Write

This proof of concept demonstrates an out-of-bounds read / write vulnerability in Samsung's QuramDng image parser, affecting Galaxy S22–S25 devices running One UI 6+. By crafting a malformed DNG that abuses the OpcodeList1 specifically the FixBadPixelsList opcode and embedding it inside a JPEG...

7.5CVSS5.7AI score0.00234EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.203 views

📄 Samsung QuramDng Warp Out-Of-Bounds Read

This python proof of concept demonstrates an out-of-bounds read vulnerability in Samsung's QuramDng image processing library, triggered via a specially crafted DNG Digital Negative file. The script programmatically builds a minimal but valid DNG file containing a malformed WarpRectilinear opcode,...

9.1CVSS5.5AI score0.00393EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.194 views

📄 Samsung Quram DNG Advanced Remote Code Execution

This proof of concept uses an advanced exploitation technique that allows a remote attacker to execute arbitrary code on a target device by carefully controlling and manipulating memory in the target application or library. This technique is particularly used against memory-sensitive libraries li...

7.5CVSS6.2AI score0.00274EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.167 views

📄 Samsung Quram DNG Heap Corruption

Samsung devices utilize Quram's DNG decoder. A malformed ScalePerColumn opcode with oversized areaSpec and extreme pitches leads to arithmetic overflow in the per-column scaling loop. After allocation miscalculation, subsequent writes corrupt heap structures. Carefully crafted payloads enable...

9.8CVSS5.6AI score0.01435EPSS
Exploits3
Rows per page
Query Builder