19 matches found
CVE-2026-43904 OpenImageIO: Softimage PIC RLE decoder heap buffer overflow — longCount not clamped to image width
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...
CVE-2026-43904
OpenImageIO prior to 3.0.18.0 and 3.1.13.0 has a heap overflow in the RLE decoder for the Softimage PIC path (softimageinput.cpp:469 and :345) because run length is not clamped to scanline width before writing pixels. The raw packet path clamps correctly, but the RLE paths do not, allowing a craf...
CVE-2026-43904 OpenImageIO: Softimage PIC RLE decoder heap buffer overflow — longCount not clamped to image width
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...
EUVD-2009-3557
Malware in sbrugna...
Autodesk Softimage 7.0 Scene TOC File Remote Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36637/info Autodesk Softimage is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts...
Autodesk SoftImage code execution
It's possible to embed commands into .scntoc files...
CORE-2009-0908: Autodesk SoftImage Scene TOC Arbitrary Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id:...
CVE-2009-3576
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents aka .scntoc file with a ScriptContent element, as demonstrated by code that loads the WScript.Shell ActiveX control...
CVE-2009-3576
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents aka .scntoc file with a ScriptContent element, as demonstrated by code that loads the WScript.Shell ActiveX control...
CVE-2009-3576
Autodesk Softimage (Softimage 7.x; Softimage XSI 6.x) is affected by CVE-2009-3576. The vulnerability arises from Scene TOC (.scntoc) XML files that Softimage loads automatically; a Script_Content element within a crafted .scntoc can execute arbitrary code via WScript.Shell/ADODB.Stream without u...
Autodesk SoftImage Scene TOC文件处理远程代码执行漏洞
BUGTRAQ ID: 36637 CVE ID: CVE-2009-3576 Autodesk Softimage是用于生成3D图形、3D模型和动画的图形应用程序。 Softimage默认会保持带有场景内容树的场景目录(.scntoc)文件。场景目录文件是包含有场景信息的XML文件,Softimage会查找相关的场景目录文件并应用其中的信息。用户可以编辑特制的.scntoc文件,加载了该文件后无需用户干涉就可以自动执行脚本。 Autodesk SoftImage XSI 6.x Autodesk SoftImage 7.x 临时解决方法: 通过以下步骤禁止自动读取SCTOC脚本:...
Autodesk SoftImage Scene TOC Arbitrary Command Execution
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary...
Core Security Technologies Advisory 2009.0908
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id:...
Autodesk SoftImage Scene TOC Arbitrary Command Execution
Advisory ID Internal CORE-2009-0908 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id: CORE-2009-0908 Advisory URL:http://www.coresecurity.com/content/softimage-arbitrary-command-execution Date published: 2009-11-23 Date of last update: 2009-11-20...
Autodesk SoftImage Scene TOC Arbitrary Command Execution
Exploit for unknown platform in category local exploits ======================================================== Autodesk SoftImage Scene TOC Arbitrary Command Execution ======================================================== Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution CVE-ID...
Autodesk SoftImage 7.0 Scene - '.TOC' File Remote Code Execution
source: https://www.securityfocus.com/bid/36637/info Autodesk Softimage is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service...
Autodesk SoftImage 7.0 Scene - .TOC File Remote Code Execution
Autodesk SoftImage 7.0 Scene - .TOC File Remote Code Execution source: https://www.securityfocus.com/bid/36637/info Autodesk Softimage is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code within the context of the affected...
Autodesk SoftImage Scene TOC - Arbitrary Command Execution
Autodesk SoftImage Scene TOC - Arbitrary Command Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage...
Autodesk SoftImage Scene TOC - Arbitrary Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id:...