Lucene search
K

965 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-565 vLLM has RCE In Video Processing

Summary A chain of vulnerabilities in vLLM allow Remote Code Execution RCE: 1. Info Leak - PIL error messages expose memory addresses, bypassing ASLR 2. Heap Overflow - JPEG2000 decoder in OpenCV/FFmpeg has a heap overflow that lets us hijack code execution Result: Send a malicious video URL to...

9.8CVSS7.4AI score0.03816EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

SUSE SLES15 Security Update : ffmpeg-4 (SUSE-SU-2026:2444-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2444-1 advisory. This update for ffmpeg-4 fixes the following issues Update to version 4.4.7: - CVE-2023-6601: HLS Unsafe File Extension Bypass...

9.8CVSS7.1AI score0.00715EPSS
Exploits3References31
CVE
CVE
added 2026/06/18 8:31 p.m.25 views

CVE-2026-45696

CVE-2026-45696 affects OpenEXR 3.4.0–3.4.11, where the HTJ2K decoder’s ht_undo_impl() can perform a heap-buffer-overflow READ due to a width mismatch between the EXR codestream and the declared line width. The decoder copies 32-bit samples from cur_line->i32[] without validating the OpenJPH li...

8.3CVSS5.6AI score0.00263EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/18 8:52 a.m.3 views

SUSE-SU-2026:2445-1 Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues Update to version 4.4.7: - CVE-2023-6601: HLS Unsafe File Extension Bypass bsc1220545. - CVE-2024-35366: FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When...

9.8CVSS7AI score0.00715EPSS
Exploits3References20
EUVD
EUVD
added 2026/06/10 9:45 p.m.8 views

EUVD-2026-36173

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...

4CVSS5.5AI score0.00116EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: openjpeg (UTSA-2026-016638)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016638 advisory. Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service application crash or...

8.8CVSS7.4AI score0.05515EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-46559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in t...

4CVSS5.5AI score0.00116EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 8:37 p.m.10 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.2CVSS5.9AI score0.00116EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:37 p.m.12 views

Out-of-bounds Write

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.2CVSS5.9AI score0.00116EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:37 p.m.12 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.2CVSS5.9AI score0.00116EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:37 p.m.12 views

Out-of-bounds Write

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.2CVSS5.9AI score0.00116EPSS
Exploits0References3
OSV
OSV
added 2026/05/18 8:37 p.m.6 views

GHSA-533M-3WF6-C33V ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.

An incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options...

4CVSS5.9AI score0.00116EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.10 views

SUSE CVE-2026-43905

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

7.8CVSS6AI score0.00173EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/05/15 2:2 p.m.10 views

CVE-2026-43905

A flaw was found in OpenImageIO. When processing a specially crafted JPEG2000 image file, an internal calculation for buffer size can result in an integer overflow. This leads to an undersized memory allocation, causing a heap overflow. An attacker could exploit this to potentially execute...

7.8CVSS6.1AI score0.00173EPSS
Exploits1References2
NVD
NVD
added 2026/05/14 8:17 p.m.14 views

CVE-2026-43905

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

7.8CVSS0.00173EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/14 8:17 p.m.9 views

CVE-2026-43905

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

7.8CVSS5.9AI score0.00173EPSS
Exploits1References2
OSV
OSV
added 2026/05/14 8:17 p.m.7 views

UBUNTU-CVE-2026-43905

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

7.8CVSS6AI score0.00173EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/14 7:9 p.m.35 views

CVE-2026-43905 OpenImageIO: JPEG2000 (OpenJPH) signed integer overflow in buffer allocation

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

7.1CVSS0.00173EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/14 7:9 p.m.8 views

CVE-2026-43905 OpenImageIO: JPEG2000 (OpenJPH) signed integer overflow in buffer allocation

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

7.1CVSS6AI score0.00173EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 7:9 p.m.20 views

CVE-2026-43905

OpenImageIO CVE-2026-43905 affects the JPEG2000 path when built with OpenJPH. In jpeg2000input.cpp:395, buffer size is computed as w * h * ch * buffer_bpp using 32-bit signed arithmetic, so when the product exceeds INT_MAX the result wraps to 0 or a small value. This yields an undersized m_buf an...

7.8CVSS6AI score0.00173EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder