CVE-2026-43904

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

CVE-2026-43904 OpenImageIO: Softimage PIC RLE decoder heap buffer overflow — longCount not clamped to image width

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

PT-2025-51141

A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical staff pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the...

EUVD-2024-47134

Malicious code in bioql PyPI...

CVE-2025-9585

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

CVE-2025-9585

CVE-2025-9585 affects Comfast CF-N1 2.6.0. The issue is in /usr/bin/webmgnt, in the wifilith_delete_pic_file function, where manipulating the portal_delete_picname argument leads to remote command injection. Public exploits have been disclosed. Likely impact includes remote code execution with hi...

CVE-2023-43898

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbiconvertformat. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted pic file...

CVE-2024-5877

IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...

CVE-2024-5877

CVE-2024-5877 corresponds to IrfanView PIC file parsing that can cause an out-of-bounds write, enabling remote code execution. The flaw arises from insufficient validation of PIC data during parsing, allowing a write before the start of an allocated buffer and execution of code in the current pro...

CVE-2024-5877 IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...

Null Pointer Dereference

stb is vulnerable to Null Pointer Dereference. The vulnerability is due to the improper handling within the stbiconvertformat function, this allowing attackers to trigger a Denial of Service DoS through a specially crafted pic file...

CVE-2023-43898

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbiconvertformat. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted pic file...

Null pointer dereference

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbiconvertformat. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted pic file...

CVE-2023-43898

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbiconvertformat. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted pic file...

CVE-2023-43898

CVE-2023-43898 affects Nothings stb 2.28. The vulnerability is a Null Pointer Dereference in stbi__convert_format , enabling a Denial of Service via a crafted PIC file. Documents consistently attribute the issue to stb 2.28 and explicitly state DoS as the impact; no vendor patch/version fix is pr...

CVE-2023-43898

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbiconvertformat. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted pic file...

CVE-2023-43898

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbiconvertformat. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted pic file...

CVE-2023-43898

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbiconvertformat. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted pic file...

Apple macOS ImageIO PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ImageIO...

Apple macOS ImageIO PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ImageIO...