Lucene search
+L

155 matches found

NVD
NVD
added 2026/05/14 8:17 p.m.13 views

CVE-2026-43904

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

8.4CVSS0.00173EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 8:17 p.m.7 views

DEBIAN-CVE-2026-43903

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIODASSERT for bounds checking in the RLE decode loop. In release builds, OIIODASSERT compiles to voidsizeofx...

7.8CVSS6AI score0.00126EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/14 8:17 p.m.10 views

CVE-2026-43904

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

8.4CVSS5.8AI score0.00173EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/14 7:10 p.m.37 views

CVE-2026-43903 OpenImageIO: SGI RLE decoder heap buffer overflow OIIO_DASSERT bounds checks are no-ops in release builds

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIODASSERT for bounds checking in the RLE decode loop. In release builds, OIIODASSERT compiles to voidsizeofx...

8.4CVSS0.00126EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-41023

Name of the Vulnerable Software and Affected Versions OpenImageIO versions prior to 3.0.18.0 OpenImageIO versions prior to 3.1.13.0 Description An issue exists in the toolset used for reading, writing, and manipulating image files for VFX and animation. Specifically, the softimageinput.cpp file...

8.4CVSS5.3AI score0.00173EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-41022

Name of the Vulnerable Software and Affected Versions OpenImageIO versions prior to 3.0.18.0 OpenImageIO versions prior to 3.1.13.0 Description OpenImageIO is a toolset for reading, writing, and manipulating image files for VFX and animation. A heap buffer overflow and crash can occur when...

8.4CVSS5.5AI score0.00126EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

OpenImageIO 缓冲区错误漏洞

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and a large number of supported image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a buffer error vulnerability. This vulnerability stemmed from the...

8.4CVSS6.2AI score0.00126EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/18 3:23 a.m.7 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the tga.c process of decoding TGA images using RLE compression, specifically when handling the raw-packet path, due to missing bounds checks. An attacker can achieve arbitrary code execution or cause a denial of...

9.8CVSS6.4AI score0.00314EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/18 1:42 a.m.35 views

CVE-2026-40494 SAIL has heap buffer overflow in TGA RLE decoder — raw packet path missing bounds check

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

9.8CVSS0.00314EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/18 1:42 a.m.5 views

CVE-2026-40494 SAIL has heap buffer overflow in TGA RLE decoder — raw packet path missing bounds check

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

9.8CVSS5.8AI score0.00314EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 3:19 p.m.6 views

JLSEC-2026-129

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability...

5.5CVSS5.8AI score0.01007EPSS
Exploits0References4
OSV
OSV
added 2026/04/09 3:16 p.m.36 views

UBUNTU-CVE-2026-5441

An out-of-bounds read vulnerability exists in the DecodePsmctRle1 function of DicomImageDecoder.cpp. The PMSCTRLE1 decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafte...

7.1CVSS6AI score0.00136EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.14 views

PT-2026-31630

An out-of-bounds read vulnerability exists in the DecodePsmctRle1 function of DicomImageDecoder.cpp. The PMSCT RLE1 decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A craft...

6AI score0.00136EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.3 views

RHEL 8 : freerdp (RHSA-2026:6764)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6764 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

8.8CVSS6.6AI score0.00591EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2026/04/06 6:44 p.m.4 views

freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planardecompressplanerle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

8.8CVSS6.5AI score0.00591EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2026/03/27 12:0 a.m.3 views

The vulnerability of the planar_decompress_plane_rle() function in the RDP client FreeRDP allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the planardecompressplanerle function in the FreeRDP RDP client is related to data writing beyond the specified buffer. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

10CVSS7.3AI score0.00591EPSS
Exploits1References6Affected Software2
Anthropic
Anthropic
added 2026/03/24 8:43 p.m.18 views

ANT-2026-HN9XZXJ9 · freerdp · heap

heap-buffer-overflow medium GHSA-mpxh-8fq3-x8mh GHSA-mvpx-xj7r-3p3r GHSA-p6r2-4hgm-m6ff Severity Claude critical · Security research firm medium · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by...

6AI score
Exploits0
OSV
OSV
added 2026/02/26 12:16 a.m.6 views

UBUNTU-CVE-2026-27809

psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data e.g. a literal run that extends past the expected row size, decoderle raises ValueError which propagated all the way to the user, crashin...

9.1CVSS5.8AI score0.0041EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.11 views

psd-tools 安全漏洞

psd-tools is an open-source Python package designed for reading Adobe Photoshop PSD files. Versions of psd-tools prior to 1.12.2 contained security vulnerabilities. These vulnerabilities occurred due to the lack of handling of ValueError exceptions when processing PSD files containing...

9.1CVSS5.8AI score0.0041EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/25 11:57 p.m.5 views

CVE-2026-27809 psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data e.g. a literal run that extends past the expected row size, decoderle raises ValueError which propagated all the way to the user, crashin...

8.8CVSS5.9AI score0.0041EPSS
Exploits1References3
Rows per page
Query Builder