15 matches found
OESA-2026-2366 OpenEXR security update
OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...
Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation
Summary: Scriban's expression evaluation contains three distinct code paths that allow an attacker who can supply a template to cause denial of service through unbounded memory allocation or CPU exhaustion. The existing safety controls (LimitToString, LoopLimit) do not protect these paths, giving...
EUVD-2022-32534
Malicious code in bioql PyPI...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a 32-bit integer shift that could lead to an overflow...
Incorrect Bitwise Shift of Integer
Overview: Affected versions of this package are vulnerable to Incorrect Bitwise Shift of Integer through the oc_huff_tree_unpack function. Remediation: There is no fixed version for theora. References: PoC, Red Hat Bugzilla Bug, Vulnerable Code...
kernel: media: gspca: cpia1: shift-out-of-bounds in set_flicker
In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27 shift exponent 245 is too large for 32-bit type 'int' When the...
CVE-2022-28048
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac...
CVE-2022-28048
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac...
CVE-2022-28048
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac...
Integer overflow
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac...
CVE-2022-28048
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac...
CVE-2022-28048
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac...
CVE-2022-28048
CVE-2022-28048 affects the STB library (STB v2.27) in the component stbi__jpeg_decode_block_prog_ac, causing an integer shift of invalid size. The connected records (Astra Linux entry and Gentoo GLSA) corroborate the affected library and version. Gentoo GLSA 2024-09-15 links to the same issue and...
CVE-2022-28048
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac...
stb security vulnerability
stb is a single-file public domain library for C/C++. A security vulnerability exists in stb version v2.27, which stems from the inclusion of an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac...