Lucene search
K

14 matches found

OSV
OSV
added 2026/06/26 8:24 p.m.3 views

JLSEC-2026-645 When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption...

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at 0 and 1 will continue to write until the next multiple of 8. The buffer...

8.7CVSS6.6AI score0.00155EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-59730

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify...

5.7CVSS6AI score0.00149EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2025-59734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be...

8.7CVSS6.2AI score0.00167EPSS
Exploits0References2
NVD
NVD
added 2025/10/06 8:15 a.m.11 views

CVE-2025-59733

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type and size, and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decodeheader. The...

8.7CVSS0.00171EPSS
Exploits0References1
OSV
OSV
added 2025/10/06 8:15 a.m.4 views

DEBIAN-CVE-2025-59729

When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...

5.7CVSS7AI score0.00149EPSS
Exploits0References1
OSV
OSV
added 2025/10/06 8:15 a.m.2 views

UBUNTU-CVE-2025-59730

When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...

5.7CVSS6AI score0.00149EPSS
Exploits0References3
OSV
OSV
added 2025/10/06 8:15 a.m.4 views

UBUNTU-CVE-2025-59734

It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...

8.7CVSS6AI score0.00167EPSS
Exploits0References3
OSV
OSV
added 2025/10/06 8:15 a.m.4 views

UBUNTU-CVE-2025-59729

When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...

5.7CVSS5.8AI score0.00149EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/10/06 8:9 a.m.3 views

CVE-2025-59731

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, we decompress and decode into the buffer td-rlerawdata of size rlerawsize a...

6.9CVSS7.1AI score0.0016EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/10/06 8:9 a.m.4 views

CVE-2025-59730

When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...

5.7CVSS7.1AI score0.00149EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/10/06 8:9 a.m.6 views

CVE-2025-59730

When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...

5.7CVSS5.6AI score0.00149EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.6 views

PT-2024-34162 · Unknown · Icg.Aspnetcore.Utilities.Cloudstorage

Name of the Vulnerable Software and Affected Versions: ICG.AspNetCore.Utilities.CloudStorage versions prior to 8.0.0 Description: The issue affects users of the ICG.AspNetCore.Utilities.CloudStorage library who set a duration for a SAS Uri with a value other than 1 hour, potentially resulting in ...

6.9CVSS7.2AI score0.0029EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/06/02 12:0 a.m.6 views

PT-2023-22932 · Tsolucio · Tsolucio/Corebos

Name of the Vulnerable Software and Affected Versions: tsolucio/corebos versions prior to 8 Description: The issue is related to Cross-site Scripting XSS - Stored, which was found in the GitHub repository tsolucio/corebos. Recommendations: For versions prior to 8, update to version 8 or later to...

6.5CVSS5.7AI score0.00471EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/06/27 12:0 a.m.2 views

PT-2022-3277 · Unknown · Ldap Account Manager

Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 8.0 Description: The issue is related to the instantiation of objects from arbitrary classes in LDAP Account Manager, allowing an attacker to inject the first constructor argument. This can lead to code...

9.3CVSS6.7AI score0.02346EPSS
Exploits2References31
Rows per page
Query Builder