SUSE-SU-2026:2114-1 Security update for openexr

This update for openexr fixes the following issue - CVE-2026-41142: integer overflow in ImageChannel: resize can lead to a heap out-of-bounds write via OpenEXRUtil public API bsc1264356...

Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1713)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1713 advisory. OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to...

OESA-2026-2366 OpenEXR security update

OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...

Security update for openexr (important)

openSUSE security update: security update for openexr ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20755-1 Rating: important References: bsc1264353 bsc1264354 bsc1264356 Cross-References: CVE-2026-41142 CVE-2026-42216 CVE-2026-42217 CVSS scores:...

SUSE-SU-2026:21796-1 Security update for openexr

This update for openexr fixes the following issues - CVE-2026-41142: integer overflow in ImageChannel: resize can lead to a heap out-of-bounds write via OpenEXRUtil public API bsc1264356. - CVE-2026-42216: missing checks in IDManifest: init can lead to out-of-bounds read during prefix expansion...

CLSA-2026-1778760144 openexr: Fix of CVE-2026-41142

CVE-2026-41142: fix integer overflow in ImageChannel::resize pixel count computation leading to heap out-of-bounds write via the OpenEXRUtil public API...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the resize function in ImageChannel through the OpenEXRUtil public API. An attacker can cause a heap out-of-bounds write by supplying crafted input that triggers an integer overflow. Remediation Upgrad...

CVE-2026-41142

OpenEXR is affected by CVE-2026-41142 due to an integer overflow in ImageChannel::resize that can cause a heap out-of-bounds write via the OpenEXRUtil public API. Affected versions are 3.0.0–before 3.2.9, 3.3.0–before 3.3.11, and 3.4.0–before 3.4.11. The issue is mitigated by patches in 3.2.9, 3....

CVE-2026-41142 OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap OOB write via OpenEXRUtil public API

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads...

CVE-2026-41142

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads...

EUVD-2026-28251

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads...

CVE-2026-41142 OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap OOB write via OpenEXRUtil public API

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads...

OpenEXR 输入验证错误漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. There is a input validation vulnerability in OpenEXR, which stems from integer overflows in the ImageChannel::resize function, leading to out-of-bounds write operations on the...

Out-of-bounds Read

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Integer Overflow or Wraparound

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

齐博CMS任意文件读取(鸡肋，需注册)

简要描述： RT 详细说明： 漏洞一:鸡肋的getshell需注册并能发布文章,需配合apache、iis6解析漏洞 文件 /inc/articfunction.php //采集外部图片 function getoutpic$str,$fid=0,$getpic=1 global $webdb,$lfjuid; if!$getpic return $str; pregmatchall"/http://^ '"+.gif|jpg|png/is",$str,$array; $filedb=$array0; foreach $filedb AS $key=$value if...

OpenJDK: Incorrect image channel verification (2D, 8012597)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

OpenJDK: Incorrect image channel verification (2D, 8012597)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

OpenJDK: Incorrect image channel verification (2D, 8012597)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

OpenJDK: Incorrect image channel verification (2D, 8012597)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...