{"vulnerability": "CVE-2026-4025", "sightings": [{"uuid": "a820f1d4-d401-4054-b5b2-db2da69c5da2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40259", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mjpcahl2i72l", "content": "", "creation_timestamp": "2026-04-17T16:00:40.075982Z"}, {"uuid": "a83f003a-c078-45b8-bde0-cb8b95743d83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4025", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3miy2q45k6u2z", "content": "", "creation_timestamp": "2026-04-08T10:15:00.669834Z"}, {"uuid": "9066f784-00c7-410a-b39c-4175216ea201", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40255", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjnnij7teu2f", "content": "", "creation_timestamp": "2026-04-17T00:16:41.367588Z"}, {"uuid": "6a95bca4-9d1c-441e-b525-405574b4ea77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40253", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjnnxazhf22f", "content": "", "creation_timestamp": "2026-04-17T00:24:56.121127Z"}, {"uuid": "3ce80571-125f-4f2f-a091-b8910775deae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40259", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjnppgbvvx2d", "content": "", "creation_timestamp": "2026-04-17T00:56:20.742966Z"}, {"uuid": "35d5695d-5fe3-41b0-8425-43a4b1c889ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40250", "type": "seen", "source": "https://t.me/poxek/6045", "content": "OpenEXR: integer overflow \u0432 DWA decoder \u0432\u0435\u0434\u0451\u0442 \u043a heap OOB write. CVE-2026-40244 + CVE-2026-40250\n\n\u041d\u0430\u0448\u043b\u0438 \u043d\u0430\u0448\u0435\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439. \u041e\u0431\u0435 CVE \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u044b, \u0444\u0438\u043a\u0441\u044b \u0441\u043c\u0435\u0440\u0436\u0435\u043d\u044b upstream.\n\n\u041f\u0440\u043e\u0435\u043a\u0442. OpenEXR \u2014 \u044d\u0442\u0430\u043b\u043e\u043d\u043d\u044b\u0439 HDR-\u0444\u043e\u0440\u043c\u0430\u0442 Academy Software Foundation. \u0421\u0440\u0435\u0434\u0438 \u0441\u043f\u043e\u043d\u0441\u043e\u0440\u043e\u0432 ASWF \u2014 Netflix, Warner Bros, Walt Disney Studios, Apple, Sony Pictures, Microsoft. \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 VFX-\u043f\u0430\u0439\u043f\u043b\u0430\u0439\u043d\u0430\u0445, \u0440\u0435\u043d\u0434\u0435\u0440\u0435\u0440\u0430\u0445, Blender, Nuke, Houdini.\n\n\u041e\u0434\u043d\u0430 \u043a\u043e\u0440\u043d\u0435\u0432\u0430\u044f \u043f\u0440\u0438\u0447\u0438\u043d\u0430 \u2014 \u0434\u0432\u0435 \u043b\u043e\u043a\u0430\u0446\u0438\u0438.\n\nInteger overflow \u043f\u0440\u0438 \u0443\u043c\u043d\u043e\u0436\u0435\u043d\u0438\u0438 int32_t \u00d7 int32_t \u0431\u0435\u0437 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043a size_t \u0432 pointer-\u0430\u0440\u0438\u0444\u043c\u0435\u0442\u0438\u043a\u0435 DWA decoder. \u041e\u0431\u0430 \u2014 missed variants CVE-2026-34589: \u043a\u043e\u0433\u0434\u0430 \u043c\u0435\u0439\u043d\u0442\u0435\u0439\u043d\u0435\u0440 \u0444\u0438\u043a\u0441\u0438\u043b \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 CVE \u043f\u043e \u0442\u043e\u043c\u0443 \u0436\u0435 \u043a\u043b\u0430\u0441\u0441\u0443, \u0434\u0432\u0430 \u043c\u0435\u0441\u0442\u0430 \u0432 \u0444\u0438\u043a\u0441\u0435 \u043f\u0440\u043e\u043f\u0443\u0441\u0442\u0438\u043b\u0438.\n\nCVE-2026-40250 \u2014 DwaCompressor_uncompress():\n\noutBufferEnd += chan->width * chan->bytes_per_element;\n\n\u041f\u0440\u0438 width > 536M \u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u044f\u0435\u0442 int32_t, \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c \u0443\u0435\u0437\u0436\u0430\u0435\u0442 \u043d\u0430\u0437\u0430\u0434, row-\u0431\u0443\u0444\u0435\u0440\u044b \u043f\u0435\u0440\u0435\u043a\u0440\u044b\u0432\u0430\u044e\u0442\u0441\u044f, LossyDctDecoder_execute \u043f\u0438\u0448\u0435\u0442 \u0432 heap.\n\nCVE-2026-40244 \u2014 setupChannelData(), RLE-\u043f\u0443\u0442\u044c:\n\n+ curc->width * curc->height\n\n\u041f\u0440\u0438 width \u00d7 height > INT32_MAX \u2014 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435, \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0435 \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u0435, OOB write \u043d\u0430 \u0440\u0430\u0441\u043a\u043b\u0430\u0434\u043a\u0435 RLE.\n\n\u0424\u0438\u043a\u0441 \u0432 \u043e\u0431\u043e\u0438\u0445 \u2014 (size_t) cast \u043f\u0435\u0440\u0435\u0434 \u0443\u043c\u043d\u043e\u0436\u0435\u043d\u0438\u0435\u043c. \u0422\u043e\u0442 \u0436\u0435 \u043f\u0430\u0442\u0442\u0435\u0440\u043d \u0432 \u0442\u043e\u043c \u0436\u0435 \u0444\u0430\u0439\u043b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e \u043d\u0430 \u0441\u0442\u0440\u043e\u043a\u0430\u0445 1215 \u0438 1699. \u0414\u0432\u0430 \u043c\u0435\u0441\u0442\u0430 \u0437\u0430\u0431\u044b\u043b\u0438.\n\n\u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b. CVSS 8.4 (High), CWE-190. Impact \u2014 heap OOB write, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0435 RCE.\n\n\u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b 3.2.0\u20133.2.7, 3.3.0\u20133.3.9, 3.4.0\u20133.4.9. \u041f\u0430\u0442\u0447\u0438 \u2014 3.2.8, 3.3.10, 3.4.10.\n\n\u0412\u0435\u043a\u0442\u043e\u0440. \u041b\u044e\u0431\u043e\u0439 \u0441\u0435\u0440\u0432\u0438\u0441, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0439 EXR: \u0440\u0435\u043d\u0434\u0435\u0440\u0435\u0440\u044b, viewer'\u044b, DCC-\u043f\u0430\u0439\u043f\u043b\u0430\u0439\u043d\u044b, \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0430\u0441\u0441\u0435\u0442\u043e\u0432, web-\u043f\u0440\u0435\u0432\u044c\u044e HDR.\n\n\u0412\u044b\u0432\u043e\u0434\n\n\u0414\u0430\u0436\u0435 \u0432 \u043f\u0440\u043e\u0435\u043a\u0442\u0435 \u0443\u0440\u043e\u0432\u043d\u044f ASWF, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442 \u0441\u0442\u0443\u0434\u0438\u0438 \u0441 \u0431\u044e\u0434\u0436\u0435\u0442\u0430\u043c\u0438 \u043d\u0430 \u0418\u0411 \u0432 \u0441\u043e\u0442\u043d\u0438 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432, \u0436\u0438\u0432\u0443\u0442 \u0442\u0438\u043f\u043e\u0432\u044b\u0435 integer overflow'\u044b \u2014 \u0438 \u043d\u0435 \u043f\u043e \u043e\u0434\u043d\u043e\u043c\u0443, \u0430 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430\u043c\u0438. \u041f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u043d\u0435 \u0433\u0430\u0440\u0430\u043d\u0442\u0438\u0440\u0443\u0435\u0442 \u0435\u0451 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c. \u041b\u044e\u0431\u0443\u044e \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0430\u0440\u0441\u0438\u0442 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u043d\u0443\u0436\u043d\u043e \u0437\u0430\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u0442\u044c \u0432 \u043c\u043e\u0434\u0435\u043b\u044c \u0443\u0433\u0440\u043e\u0437: \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u044f \u0432\u0445\u043e\u0434\u0430 \u0434\u043e \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0432 SDK, \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u0430 \u0434\u043b\u044f \u043f\u0430\u0440\u0441\u0435\u0440\u043e\u0432 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430, \u0430\u0443\u0434\u0438\u0442 int \u00d7 int \u0432 pointer-\u0432\u044b\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u044f\u0445 \u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u044b\u0445 \u043f\u0443\u0442\u044f\u0445.", "creation_timestamp": "2026-04-22T15:06:02.000000Z"}, {"uuid": "b7336ca1-693d-4886-a8e4-ca814cdd8e36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40252", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj6fxmmmds2t", "content": "", "creation_timestamp": "2026-04-10T22:52:02.316477Z"}, {"uuid": "87566d2f-4f38-49fe-9369-80924eb11097", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-40258", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mjpzopfphj2a", "content": "", "creation_timestamp": "2026-04-17T23:00:15.026082Z"}, {"uuid": "76b186e4-9df1-4cb0-9768-232427a65146", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-40258", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116422528958630190", "content": "", "creation_timestamp": "2026-04-17T23:00:17.927879Z"}, {"uuid": "c72b287f-a35f-4076-95b5-f2048776cf17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40250", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mjq547cnbt27", "content": "", "creation_timestamp": "2026-04-18T00:01:27.754669Z"}, {"uuid": "e1681b34-cd2d-4fb7-8c80-4dbf723bf188", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40258", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjq3xdi4jv2t", "content": "", "creation_timestamp": "2026-04-17T23:40:50.599004Z"}, {"uuid": "3480582e-f831-4608-a20c-28e86011f176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40258", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mjqd4fdoxj2h", "content": "", "creation_timestamp": "2026-04-18T01:48:56.570400Z"}, {"uuid": "aa29340c-adf7-48f4-918e-642d2aba74ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40259", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mjxn5gs36a2y", "content": "", "creation_timestamp": "2026-04-20T23:37:07.153722Z"}, {"uuid": "8a9f2ac9-4254-4c10-ac7b-2ef69a1011bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40250", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjxw7aqjsr2q", "content": "", "creation_timestamp": "2026-04-21T02:19:11.622260Z"}, {"uuid": "fb69aa0f-1c72-4416-9664-eb80f4fd9d58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40259", "type": "published-proof-of-concept", "source": "Telegram/L_7r3B6HZ1No5mrz6_jolg2h46aKqgVbGrSL49d6iAO6fVY", "content": "", "creation_timestamp": "2026-04-17T01:16:10.000000Z"}, {"uuid": "172f82b3-9da2-47e4-bace-c8e090afd704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40258", "type": "published-proof-of-concept", "source": "Telegram/3g7V6SV_71PzaXn8Yubvw4Z7qK4NE-jaYcye5068Hc2mjiw", "content": "", "creation_timestamp": "2026-04-17T23:20:15.000000Z"}, {"uuid": "5ba29ec8-0124-4f90-8d6c-f17fd80596a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40252", "type": "seen", "source": "Telegram/UoNmOvyrT0xD6ttUxw0GWEmNWGrIstm3XawCByymdxwMbjs", "content": "", "creation_timestamp": "2026-04-21T19:24:58.000000Z"}, {"uuid": "4bedb47c-7278-421e-b2e5-e1f91672a34a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-40259", "type": "published-proof-of-concept", "source": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-7m5h-w69j-qggg", "content": "", "creation_timestamp": "2026-04-10T09:32:21.000000Z"}, {"uuid": "a144c58e-5314-422b-8f4c-d9b409af3b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40250", "type": "seen", "source": "Telegram/y8A40ypWR-zTQL04UvuWU-fhawBkUz4Q7ssav8OQJXhA_oc", "content": "", "creation_timestamp": "2026-04-21T03:18:08.000000Z"}, {"uuid": "917f9375-943c-4dc4-a223-fc5045ff4c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4025", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mldgesvod32s", "content": "CVE-2026-4025 privatecontent-free (CVSS Score 6.4) #WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #wordpresssecurity #hacking #wpsecurity #atomicedge", "creation_timestamp": "2026-05-08T09:33:07.142222Z"}]}