CVE-2026-46182

In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized explicitly. Because the struct paprhvpipehdr contains reserved paddi...

Unsynchronized Access to Shared Data in a Multithreaded Context

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Division by zero

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Astra Linux - уязвимость в libstb

A issue was discovered in stbstbimage.h versions 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length data. An attacker could potentially cause a denial of service in applications that use stbimage by submitting crafted HDR files...

Astra Linux - уязвимость в libstb

stbimage is a single-file library licensed under MIT that is used for processing images. The stbigetn function reads a specified number of bytes from the context usually a file into the specified buffer. If the file stream points to the end of the file, it returns zero. There are two places where...

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Integer overflow has been prevented in hdrfirstde. The deoff and used variables originate from the disk, so both need to be checked. The issue is that on 32-bit systems, if both values are greater than UINTMAX - 16, the...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdrdeletede Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdrdeletede+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff888079cc0600 by task...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdrfirstde return value The hdrfirstde function returns a pointer to a struct NTFSDE. This pointer may be NULL. To handle the NULL error effectively, it is important to implement an error handler. This will help...

CVE-2026-31700

Summary (CVE-2026-31700): In the Linux kernel, a TOCTOU race in tpacket_snd() when PACKET_VNET_HDR is enabled allows a user-space race on vnet_hdr fields between validation and use, bypassing safety checks. The vulnerability affects the mmap’d TX ring buffer where vnet_hdr points into user-contro...

Important: Red Hat Security Advisory: OpenEXR security update

An update for OpenEXR is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

SUSE SLED15 / SLES15 Security Update : gegl (SUSE-SU-2026:1496-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1496-1 advisory. - CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lead to a heap buff...

OpenEXR 输入验证错误漏洞

OpenEXR is an open standard for high dynamic range image HDR file format, open-sourced by the Academy Software Foundation. Versions 3.4.0 to 3.4.9, 3.3.0 to 3.3.9, and 3.2.0 to 3.2.7 of OpenEXR contain a input validation vulnerability. This vulnerability stems from line 1040 of...

SUSE SLED15 / SLES15 Security Update : gegl (SUSE-SU-2026:1481-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1481-1 advisory. This update for gegl fixes the following issue: - CVE-2026-2049: improper validation of the length of user-supplied dat...

Security update for gegl

This update for gegl fixes the following issues: CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lead to a heap buffer overflow bsc1259749. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for gegl

This update for gegl fixes the following issue: CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lead to a heap buffer overflow bsc1259749. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for gegl

This update for gegl fixes the following issue: CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lead to a heap buffer overflow bsc1259749. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

[SECURITY] Fedora 44 Update: luminance-hdr-2.6.1.1-89.fc44

Luminance HDR is a graphical user interface based on the Qt5 toolkit that provides a complete workflow for HDR imaging. Supported HDR formats: =E2=80=A2 OpenEXR extension: exr =E2=80=A2 Radiance RGBE extension: hdr =E2=80=A2 Tiff formats: 16bit, 32bit float and LogLuv extension: tiff =E2=80=A2 Ra...