https://vulnerability.circl.lu/sightings/feed
Most recent sightings.
2026-05-05T21:15:17.293455+00:00
Vulnerability-Lookup
info@circl.lu
python-feedgen
Contains only the most 10 recent sightings.
https://vulnerability.circl.lu/sighting/c72b287f-a35f-4076-95b5-f2048776cf17/export
c72b287f-a35f-4076-95b5-f2048776cf17
2026-05-05T21:15:17.669560+00:00
Automation user
http://vulnerability.circl.lu/user/automation
{"uuid": "c72b287f-a35f-4076-95b5-f2048776cf17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40250", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mjq547cnbt27", "content": "", "creation_timestamp": "2026-04-18T00:01:27.754669Z"}
2026-04-18T00:01:27.754669+00:00
https://vulnerability.circl.lu/sighting/8a9f2ac9-4254-4c10-ac7b-2ef69a1011bf/export
8a9f2ac9-4254-4c10-ac7b-2ef69a1011bf
2026-05-05T21:15:17.669435+00:00
Automation user
http://vulnerability.circl.lu/user/automation
{"uuid": "8a9f2ac9-4254-4c10-ac7b-2ef69a1011bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40250", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjxw7aqjsr2q", "content": "", "creation_timestamp": "2026-04-21T02:19:11.622260Z"}
2026-04-21T02:19:11.622260+00:00
https://vulnerability.circl.lu/sighting/a144c58e-5314-422b-8f4c-d9b409af3b00/export
a144c58e-5314-422b-8f4c-d9b409af3b00
2026-05-05T21:15:17.669276+00:00
Automation user
http://vulnerability.circl.lu/user/automation
{"uuid": "a144c58e-5314-422b-8f4c-d9b409af3b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40250", "type": "seen", "source": "Telegram/y8A40ypWR-zTQL04UvuWU-fhawBkUz4Q7ssav8OQJXhA_oc", "content": "", "creation_timestamp": "2026-04-21T03:18:08.000000Z"}
2026-04-21T03:18:08+00:00
https://vulnerability.circl.lu/sighting/35d5695d-5fe3-41b0-8425-43a4b1c889ed/export
35d5695d-5fe3-41b0-8425-43a4b1c889ed
2026-05-05T21:15:17.666394+00:00
Automation user
http://vulnerability.circl.lu/user/automation
{"uuid": "35d5695d-5fe3-41b0-8425-43a4b1c889ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40250", "type": "seen", "source": "https://t.me/poxek/6045", "content": "OpenEXR: integer overflow \u0432 DWA decoder \u0432\u0435\u0434\u0451\u0442 \u043a heap OOB write. CVE-2026-40244 + CVE-2026-40250\n\n\u041d\u0430\u0448\u043b\u0438 \u043d\u0430\u0448\u0435\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439. \u041e\u0431\u0435 CVE \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u044b, \u0444\u0438\u043a\u0441\u044b \u0441\u043c\u0435\u0440\u0436\u0435\u043d\u044b upstream.\n\n\u041f\u0440\u043e\u0435\u043a\u0442. OpenEXR \u2014 \u044d\u0442\u0430\u043b\u043e\u043d\u043d\u044b\u0439 HDR-\u0444\u043e\u0440\u043c\u0430\u0442 Academy Software Foundation. \u0421\u0440\u0435\u0434\u0438 \u0441\u043f\u043e\u043d\u0441\u043e\u0440\u043e\u0432 ASWF \u2014 Netflix, Warner Bros, Walt Disney Studios, Apple, Sony Pictures, Microsoft. \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 VFX-\u043f\u0430\u0439\u043f\u043b\u0430\u0439\u043d\u0430\u0445, \u0440\u0435\u043d\u0434\u0435\u0440\u0435\u0440\u0430\u0445, Blender, Nuke, Houdini.\n\n\u041e\u0434\u043d\u0430 \u043a\u043e\u0440\u043d\u0435\u0432\u0430\u044f \u043f\u0440\u0438\u0447\u0438\u043d\u0430 \u2014 \u0434\u0432\u0435 \u043b\u043e\u043a\u0430\u0446\u0438\u0438.\n\nInteger overflow \u043f\u0440\u0438 \u0443\u043c\u043d\u043e\u0436\u0435\u043d\u0438\u0438 int32_t \u00d7 int32_t \u0431\u0435\u0437 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043a size_t \u0432 pointer-\u0430\u0440\u0438\u0444\u043c\u0435\u0442\u0438\u043a\u0435 DWA decoder. \u041e\u0431\u0430 \u2014 missed variants CVE-2026-34589: \u043a\u043e\u0433\u0434\u0430 \u043c\u0435\u0439\u043d\u0442\u0435\u0439\u043d\u0435\u0440 \u0444\u0438\u043a\u0441\u0438\u043b \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 CVE \u043f\u043e \u0442\u043e\u043c\u0443 \u0436\u0435 \u043a\u043b\u0430\u0441\u0441\u0443, \u0434\u0432\u0430 \u043c\u0435\u0441\u0442\u0430 \u0432 \u0444\u0438\u043a\u0441\u0435 \u043f\u0440\u043e\u043f\u0443\u0441\u0442\u0438\u043b\u0438.\n\nCVE-2026-40250 \u2014 DwaCompressor_uncompress():\n\noutBufferEnd += chan->width * chan->bytes_per_element;\n\n\u041f\u0440\u0438 width > 536M \u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u044f\u0435\u0442 int32_t, \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c \u0443\u0435\u0437\u0436\u0430\u0435\u0442 \u043d\u0430\u0437\u0430\u0434, row-\u0431\u0443\u0444\u0435\u0440\u044b \u043f\u0435\u0440\u0435\u043a\u0440\u044b\u0432\u0430\u044e\u0442\u0441\u044f, LossyDctDecoder_execute \u043f\u0438\u0448\u0435\u0442 \u0432 heap.\n\nCVE-2026-40244 \u2014 setupChannelData(), RLE-\u043f\u0443\u0442\u044c:\n\n+ curc->width * curc->height\n\n\u041f\u0440\u0438 width \u00d7 height > INT32_MAX \u2014 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435, \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0435 \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u0435, OOB write \u043d\u0430 \u0440\u0430\u0441\u043a\u043b\u0430\u0434\u043a\u0435 RLE.\n\n\u0424\u0438\u043a\u0441 \u0432 \u043e\u0431\u043e\u0438\u0445 \u2014 (size_t) cast \u043f\u0435\u0440\u0435\u0434 \u0443\u043c\u043d\u043e\u0436\u0435\u043d\u0438\u0435\u043c. \u0422\u043e\u0442 \u0436\u0435 \u043f\u0430\u0442\u0442\u0435\u0440\u043d \u0432 \u0442\u043e\u043c \u0436\u0435 \u0444\u0430\u0439\u043b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e \u043d\u0430 \u0441\u0442\u0440\u043e\u043a\u0430\u0445 1215 \u0438 1699. \u0414\u0432\u0430 \u043c\u0435\u0441\u0442\u0430 \u0437\u0430\u0431\u044b\u043b\u0438.\n\n\u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b. CVSS 8.4 (High), CWE-190. Impact \u2014 heap OOB write, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0435 RCE.\n\n\u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b 3.2.0\u20133.2.7, 3.3.0\u20133.3.9, 3.4.0\u20133.4.9. \u041f\u0430\u0442\u0447\u0438 \u2014 3.2.8, 3.3.10, 3.4.10.\n\n\u0412\u0435\u043a\u0442\u043e\u0440. \u041b\u044e\u0431\u043e\u0439 \u0441\u0435\u0440\u0432\u0438\u0441, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0439 EXR: \u0440\u0435\u043d\u0434\u0435\u0440\u0435\u0440\u044b, viewer'\u044b, DCC-\u043f\u0430\u0439\u043f\u043b\u0430\u0439\u043d\u044b, \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0430\u0441\u0441\u0435\u0442\u043e\u0432, web-\u043f\u0440\u0435\u0432\u044c\u044e HDR.\n\n\u0412\u044b\u0432\u043e\u0434\n\n\u0414\u0430\u0436\u0435 \u0432 \u043f\u0440\u043e\u0435\u043a\u0442\u0435 \u0443\u0440\u043e\u0432\u043d\u044f ASWF, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442 \u0441\u0442\u0443\u0434\u0438\u0438 \u0441 \u0431\u044e\u0434\u0436\u0435\u0442\u0430\u043c\u0438 \u043d\u0430 \u0418\u0411 \u0432 \u0441\u043e\u0442\u043d\u0438 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432, \u0436\u0438\u0432\u0443\u0442 \u0442\u0438\u043f\u043e\u0432\u044b\u0435 integer overflow'\u044b \u2014 \u0438 \u043d\u0435 \u043f\u043e \u043e\u0434\u043d\u043e\u043c\u0443, \u0430 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430\u043c\u0438. \u041f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u043d\u0435 \u0433\u0430\u0440\u0430\u043d\u0442\u0438\u0440\u0443\u0435\u0442 \u0435\u0451 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c. \u041b\u044e\u0431\u0443\u044e \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0430\u0440\u0441\u0438\u0442 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u043d\u0443\u0436\u043d\u043e \u0437\u0430\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u0442\u044c \u0432 \u043c\u043e\u0434\u0435\u043b\u044c \u0443\u0433\u0440\u043e\u0437: \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u044f \u0432\u0445\u043e\u0434\u0430 \u0434\u043e \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0432 SDK, \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u0430 \u0434\u043b\u044f \u043f\u0430\u0440\u0441\u0435\u0440\u043e\u0432 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430, \u0430\u0443\u0434\u0438\u0442 int \u00d7 int \u0432 pointer-\u0432\u044b\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u044f\u0445 \u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u044b\u0445 \u043f\u0443\u0442\u044f\u0445.", "creation_timestamp": "2026-04-22T15:06:02.000000Z"}
2026-04-22T15:06:02+00:00