33 matches found

SUSE CVE
added 2026/05/16 1:11 a.m. | 4 views

SUSE CVE-2026-43903

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT for bounds checking in the RLE decode loop. In release builds, OIIO_DASSERT compiles to (void)sizeof(x)...

8.4 CVSS | 6 AI score | 0.00014 EPSS
Exploits: 0 | References: 3

Snyk
added 2026/05/14 9:23 p.m. | 5 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the softimageinput.cpp process when handling RLE decoding. An attacker can cause a heap buffer overflow by submitting a crafted .pic file with a manipulated run length value that exceeds the scanline width...

8.4 CVSS | 6 AI score | 0.00013 EPSS
Exploits: 1 | References: 2

EUVD
added 2026/05/14 7:10 p.m. | 5 views

EUVD-2026-30387

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT for bounds checking in the RLE decode loop. In release builds, OIIO_DASSERT compiles to (void)sizeof(x)...

8.4 CVSS | 6 AI score | 0.00014 EPSS
Exploits: 0 | References: 1

OSV
added 2026/04/07 12:1 a.m. | 2 views

RLSA-2026:6005 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write ...

8.8 CVSS | 6.5 AI score | 0.00076 EPSS
Exploits: 2 | References: 3

OSV
added 2026/03/26 12:0 a.m. | 0 views

ALSA-2026:5939 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write ...

8.8 CVSS | 6.5 AI score | 0.00076 EPSS
Exploits: 2 | References: 6

Packet Storm
added 2026/03/06 12:0 a.m. | 98 views

psd-tools Denial of Service

When a specially crafted PSD file contains malformed RLE-compressed image data (for example, a literal run extending beyond the expected row size), the internal decode_rle function raises a ValueError in psd-tools, resulting in a denial of service condition...

5.8 AI score
Exploits: 0

OSV
added 2026/02/25 3:20 p.m. | 3 views

GHSA-273H-M46V-96Q4 ImageMagick: Integer Overflow in PSB (PSD v2) RLE decoding path causes heap Out of Bounds reads for 32-bit builds

An integer overflow in the PSB (PSD v2) RLE decoding path causes a heap out-of-bounds read on 32-bit builds. This can lead to information disclosure or a crash when processing crafted PSB files. ================================================================= ==3298==ERROR: AddressSanitizer:...

3.7 CVSS | 5.6 AI score
Exploits: 0 | References: 5

Github Security Blog
added 2026/02/25 3:20 p.m. | 3 views

ImageMagick: Integer Overflow in PSB (PSD v2) RLE decoding path causes heap Out of Bounds reads for 32-bit builds

An integer overflow in the PSB (PSD v2) RLE decoding path causes a heap out-of-bounds read on 32-bit builds. This can lead to information disclosure or a crash when processing crafted PSB files. ================================================================= ==3298==ERROR: AddressSanitizer:...

5.5 AI score
Exploits: 0 | References: 5 | Affected Software: 19

RedhatCVE
added 2026/01/09 9:51 a.m. | 3 views

CVE-2020-10571

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...

9.8 CVSS | 6.8 AI score | 0.00418 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-0150

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.00418 EPSS
Exploits: 0 | References: 8

RedhatCVE
added 2025/08/30 6:17 p.m. | 2 views

CVE-2025-53085

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

8.8 CVSS | 8.1 AI score | 0.00469 EPSS
Exploits: 1 | References: 1

OSV
added 2025/08/25 3:15 p.m. | 3 views

DEBIAN-CVE-2025-52930

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

8.8 CVSS | 6.5 AI score | 0.00469 EPSS
Exploits: 1 | References: 1

OSV
added 2025/08/25 3:15 p.m. | 1 views

CVE-2025-53085

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

8.8 CVSS | 8.4 AI score
Exploits: 0 | References: 2

Snyk
added 2025/08/25 2:41 p.m. | 3 views

Integer Overflow to Buffer Overflow

Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow via the BMPv3 RLE Decoding functionality. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted .bmp file that triggers a heap-based buffer overflow duri...

8.8 CVSS | 7.8 AI score | 0.00469 EPSS
Exploits: 1 | References: 2

Talos
added 2025/08/25 12:0 a.m. | 2 views

SAIL Image Decoding Library PSD RLE Decoding heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2219 SAIL Image Decoding Library PSD RLE Decoding heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-53085 SUMMARY A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library...

8.8 CVSS | 7.6 AI score | 0.00469 EPSS
Exploits: 1

CNNVD
added 2025/08/25 12:0 a.m. | 1 views

SAIL security vulnerability

SAIL is an image decoding library from SAIL open source. A security vulnerability exists in SAIL version 0.9.8, which stems from a heap buffer overflow in the PSD RLE decoding function that could lead to remote code execution...

8.8 CVSS | 7.9 AI score | 0.00469 EPSS
Exploits: 1 | References: 2

RedHat Linux
added 2020/07/28 1:41 p.m. | 1 views

python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2

An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest...

8.1 CVSS | 7.2 AI score | 0.00267 EPSS
Exploits: 0 | References: 4

OSV
added 2020/03/16 10:46 p.m. | 12 views

GHSA-22JR-VC7J-G762 Potential buffer overflow in psd-tools

Impact An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malformed PSD input data during decoding to the PIL.Image or NumPy format, leading to a Buffer Overflow. Patches Users of psd-tools version v1.8.37 to v1.9.3 should upgrade to...

9.8 CVSS | 9.7 AI score | 0.00418 EPSS
Exploits: 0 | References: 7

NVD
added 2020/03/14 6:15 p.m. | 9 views

CVE-2020-10571

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...

9.8 CVSS | 9.5 AI score | 0.00418 EPSS
Exploits: 0 | References: 2

OSV
added 2020/03/14 6:15 p.m. | 12 views

CVE-2020-10571

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...

9.8 CVSS | 9.5 AI score
Exploits: 0 | References: 2