14 matches found
JLSEC-2026-645 When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption...
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at 0 and 1 will continue to write until the next multiple of 8. The buffer...
Linux Distros Unpatched Vulnerability : CVE-2025-59730
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify...
Linux Distros Unpatched Vulnerability : CVE-2025-59734
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be...
CVE-2025-59733
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type and size, and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decodeheader. The...
DEBIAN-CVE-2025-59729
When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...
UBUNTU-CVE-2025-59730
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
UBUNTU-CVE-2025-59734
It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...
UBUNTU-CVE-2025-59729
When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...
CVE-2025-59731
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, we decompress and decode into the buffer td-rlerawdata of size rlerawsize a...
CVE-2025-59730
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
CVE-2025-59730
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
PT-2024-34162 · Unknown · Icg.Aspnetcore.Utilities.Cloudstorage
Name of the Vulnerable Software and Affected Versions: ICG.AspNetCore.Utilities.CloudStorage versions prior to 8.0.0 Description: The issue affects users of the ICG.AspNetCore.Utilities.CloudStorage library who set a duration for a SAS Uri with a value other than 1 hour, potentially resulting in ...
PT-2023-22932 · Tsolucio · Tsolucio/Corebos
Name of the Vulnerable Software and Affected Versions: tsolucio/corebos versions prior to 8 Description: The issue is related to Cross-site Scripting XSS - Stored, which was found in the GitHub repository tsolucio/corebos. Recommendations: For versions prior to 8, update to version 8 or later to...
PT-2022-3277 · Unknown · Ldap Account Manager
Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 8.0 Description: The issue is related to the instantiation of objects from arbitrary classes in LDAP Account Manager, allowing an attacker to inject the first constructor argument. This can lead to code...