Lucene search
+L

116 matches found

nessus
nessus
added 2026/06/25 12:0 a.m.13 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ImageMagick vulnerabilities (USN-8468-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8468-1 advisory. It was discovered that ImageMagick incorrectly handled certain images when using the...

8.1CVSS7.8AI score0.00353EPSS
Exploits0References7
ubuntu
ubuntu
added 2026/06/24 5:45 p.m.11 views

USN-8468-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain images when using the wavelet-denoise operator. An attacker could possibly use this issue to trigger a heap buffer over-read, resulting in information disclosure. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22....

8.1CVSS7.7AI score0.00353EPSS
Exploits0
osv
osv
added 2026/06/24 5:45 p.m.12 views

USN-8468-1 imagemagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain images when using the wavelet-denoise operator. An attacker could possibly use this issue to trigger a heap buffer over-read, resulting in information disclosure. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22....

8.1CVSS7.7AI score0.00353EPSS
Exploits0References7
astralinux
astralinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, there was a heap buffer over-read vulnerability when processing images with small dimensions using the -wavelet-denoise operator. Versions 7.1.2-15 and 6.9.13-4...

7.1CVSS7.2AI score0.00137EPSS
Exploits0References3
astralinux
astralinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out-of-bounds heap write within the WaveletDenoiseImage method. When processing a crafted image using the -wavelet-denoise...

5.5CVSS7.1AI score0.00106EPSS
Exploits0References2
osv
osv
added 2026/05/26 7:31 p.m.12 views

JLSEC-2026-551

openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c...

6.5CVSS6.9AI score0.00259EPSS
Exploits0References2
nessus
nessus
added 2026/05/09 12:0 a.m.10 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-016800)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016800 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read...

7.1CVSS7.3AI score0.00137EPSS
Exploits0References4
osv
osv
added 2026/04/23 1:26 p.m.8 views

CLSA-2026-1776950756 openexr: Fix of CVE-2026-34588

CVE-2026-34588 fix signed 32-bit integer overflow in PIZ decoder wavelet buffer arithmetic leading to out-of-bounds read/write...

8.8CVSS6AI score0.00482EPSS
Exploits1References1
osv
osv
added 2026/04/23 1:13 p.m.9 views

CLSA-2026-1776950014 openexr: Fix of CVE-2026-34588

CVE-2026-34588 fix signed 32-bit integer overflow in PIZ decoder wavelet buffer arithmetic leading to out-of-bounds read/write...

8.8CVSS6AI score0.00482EPSS
Exploits1References1
osv
osv
added 2026/04/17 3:19 p.m.9 views

JLSEC-2026-148

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.8CVSS5.8AI score0.00482EPSS
Exploits1References4
nessus
nessus
added 2026/04/10 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007080)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007080 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause ...

5.5CVSS5.9AI score0.00106EPSS
Exploits0References4
osv
osv
added 2026/04/08 3:9 p.m.2 views

GHSA-588R-CR5C-W6HF OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

Summary internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic: c wavbuf += nx ny wcount; Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path...

8.6CVSS5.9AI score0.00482EPSS
Exploits1References6
github
github
added 2026/04/08 3:9 p.m.8 views

OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

Summary internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic: c wavbuf += nx ny wcount; Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path...

8.8CVSS5.9AI score0.00482EPSS
Exploits1References6Affected Software1
susecve
susecve
added 2026/04/07 11:25 p.m.4 views

SUSE CVE-2026-34588

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

7CVSS5.8AI score0.00482EPSS
Exploits1References7
osv
osv
added 2026/04/07 12:24 p.m.3 views

SUSE-SU-2026:1202-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. - CVE-2026-28494: missing bounds chec...

9.8CVSS6AI score0.00475EPSS
Exploits0References46
nvd
nvd
added 2026/04/06 4:16 p.m.4 views

CVE-2026-34588

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.8CVSS0.00482EPSS
Exploits1References20
ubuntucve
ubuntucve
added 2026/04/06 4:16 p.m.4 views

CVE-2026-34588

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.6CVSS5.9AI score0.00482EPSS
Exploits1References10
vulnrichment
vulnrichment
added 2026/04/06 3:31 p.m.4 views

CVE-2026-34588 OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.6CVSS5.9AI score0.00482EPSS
Exploits1References4
cve
cve
added 2026/04/06 3:31 p.m.40 views

CVE-2026-34588

OpenEXR contains a local overflow in internal_exr_undo_piz() where nx, ny, and wcount are int, allowing an overflow and wrap that causes out-of-bounds reads/writes during wavelet decoding. This affects 3.1.0–3.2.6, 3.3.0–3.3.8, and 3.4.0–3.4.8 (per CVE-2026-34588) and is fixed in 3.2.7, 3.3.9, an...

8.8CVSS5.9AI score0.00482EPSS
Exploits1References20Affected Software1
attackerkb
attackerkb
added 2026/04/06 3:31 p.m.3 views

CVE-2026-34588

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.8CVSS7.2AI score0.00482EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder