EUVD-2026-39130

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

CVE-2026-2050

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

CVE-2026-2050 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

Astra Linux – Vulnerability in libstb

stbimage is a single-file library licensed under MIT that is used for processing images. The stbigetn function reads a specified number of bytes from the context usually a file into the specified buffer. If the file stream points to the end of the file, it returns zero. There are two places where...

Astra Linux – Vulnerability in libstb

A issue was discovered in stbstbimage.h versions 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length data. An attacker could potentially cause a denial of service in applications that use stbimage by submitting crafted HDR files...

CVE-2026-2049

A flaw was found in GIMP. This heap-based buffer overflow vulnerability, located in the HDR file parsing component, allows a remote attacker to execute arbitrary code. User interaction is required for exploitation, as the target must open a malicious HDR file. The flaw occurs due to a lack of...

CVE-2026-2049

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

CVE-2026-2049 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

CVE-2026-2049

CVE-2026-2049 is a heap-based buffer overflow in HDR file parsing within gegl (used by GIMP) caused by insufficient validation of the length of user-supplied data. This can lead to remote code execution when a user opens a malicious HDR file or visits a crafted page, as indicated by the CVSS vect...

CVE-2026-46182

In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized explicitly. Because the struct paprhvpipehdr contains reserved paddi...

Unsynchronized Access to Shared Data in a Multithreaded Context

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Division by zero

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed a slab-out-of-bounds read in hdrdeletede. Here is a bug report from syzbot: Bug: KASAN: Slab-out-of-bounds in hdrdeletede+0xe0/0x150, fs/ntfs3/index.c:806. A read of size 16842960 was performed at address...

CVE-2026-31700

Summary (CVE-2026-31700): In the Linux kernel, a TOCTOU race in tpacket_snd() when PACKET_VNET_HDR is enabled allows a user-space race on vnet_hdr fields between validation and use, bypassing safety checks. The vulnerability affects the mmap’d TX ring buffer where vnet_hdr points into user-contro...

Important: Red Hat Security Advisory: OpenEXR security update

An update for OpenEXR is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

SUSE SLED15 / SLES15 Security Update : gegl (SUSE-SU-2026:1496-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1496-1 advisory. - CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lead to a heap buff...

OpenEXR 输入验证错误漏洞

OpenEXR is an open standard for high dynamic range image HDR file format, open-sourced by the Academy Software Foundation. Versions 3.4.0 to 3.4.9, 3.3.0 to 3.3.9, and 3.2.0 to 3.2.7 of OpenEXR contain a input validation vulnerability. This vulnerability stems from line 1040 of...

SUSE SLED15 / SLES15 Security Update : gegl (SUSE-SU-2026:1481-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1481-1 advisory. This update for gegl fixes the following issue: - CVE-2026-2049: improper validation of the length of user-supplied dat...

Security update for gegl

This update for gegl fixes the following issues: CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lead to a heap buffer overflow bsc1259749. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...