116 matches found
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ImageMagick vulnerabilities (USN-8468-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8468-1 advisory. It was discovered that ImageMagick incorrectly handled certain images when using the...
USN-8468-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain images when using the wavelet-denoise operator. An attacker could possibly use this issue to trigger a heap buffer over-read, resulting in information disclosure. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22....
USN-8468-1 imagemagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain images when using the wavelet-denoise operator. An attacker could possibly use this issue to trigger a heap buffer over-read, resulting in information disclosure. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22....
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, there was a heap buffer over-read vulnerability when processing images with small dimensions using the -wavelet-denoise operator. Versions 7.1.2-15 and 6.9.13-4...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out-of-bounds heap write within the WaveletDenoiseImage method. When processing a crafted image using the -wavelet-denoise...
JLSEC-2026-551
openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-016800)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016800 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read...
CLSA-2026-1776950756 openexr: Fix of CVE-2026-34588
CVE-2026-34588 fix signed 32-bit integer overflow in PIZ decoder wavelet buffer arithmetic leading to out-of-bounds read/write...
CLSA-2026-1776950014 openexr: Fix of CVE-2026-34588
CVE-2026-34588 fix signed 32-bit integer overflow in PIZ decoder wavelet buffer arithmetic leading to out-of-bounds read/write...
JLSEC-2026-148
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007080)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007080 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause ...
GHSA-588R-CR5C-W6HF OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write
Summary internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic: c wavbuf += nx ny wcount; Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path...
OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write
Summary internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic: c wavbuf += nx ny wcount; Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path...
SUSE CVE-2026-34588
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...
SUSE-SU-2026:1202-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. - CVE-2026-28494: missing bounds chec...
CVE-2026-34588
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...
CVE-2026-34588
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...
CVE-2026-34588 OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...
CVE-2026-34588
OpenEXR contains a local overflow in internal_exr_undo_piz() where nx, ny, and wcount are int, allowing an overflow and wrap that causes out-of-bounds reads/writes during wavelet decoding. This affects 3.1.0–3.2.6, 3.3.0–3.3.8, and 3.4.0–3.4.8 (per CVE-2026-34588) and is fixed in 3.2.7, 3.3.9, an...
CVE-2026-34588
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...