10 matches found
EUVD-2026-37645
A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...
CVE-2026-12491
A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...
DEBIAN-CVE-2026-43908
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i 3 inside ConvertCbYCrYToRGB causes the function to compute a larg...
CVE-2026-43908 OpenImageIO: Signed integer overflow in ConvertCbYCrYToRGB leads to heap out-of-bounds write in DPX 4:2:2 decoder
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i 3 inside ConvertCbYCrYToRGB causes the function to compute a larg...
CVE-2026-43908 OpenImageIO: Signed integer overflow in ConvertCbYCrYToRGB leads to heap out-of-bounds write in DPX 4:2:2 decoder
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i 3 inside ConvertCbYCrYToRGB causes the function to compute a larg...
CVE-2026-33020
A flaw was found in libsixel. An integer overflow vulnerability in the sixel_frame_convert_to_rgb888 function can lead to a heap buffer overflow when processing specially crafted large palettised PNG images. An attacker can exploit this by providing a malicious image, which causes heap corruption in...
EUVD-2018-18219
Malware in sbrugna...
SUSE CVE-2016-1619
Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted...
SUSE CVE-2016-1651
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via...
PT-2020-8033 · Openjpeg +1
Name of the Vulnerable Software and Affected Versions: OpenJPEG versions prior to 2.1.1 Description: The issue allows attackers to cause a denial of service, specifically memory corruption, by using a crafted JPEG 2000 file. This is due to a problem in the color_esycc_to_rgb function...