Dng Software Development Kit
Monthly
DNG SDK versions 1.7.1 and earlier contain an integer overflow vulnerability that allows local attackers to crash affected applications through specially crafted files. Exploitation requires user interaction, as victims must open a malicious file to trigger the denial-of-service condition. No patch is currently available for this vulnerability.
Arbitrary code execution in DNG SDK 1.7.1 2471 and earlier via an out-of-bounds write vulnerability that executes with user privileges when a victim opens a malicious file. The vulnerability requires user interaction but no special privileges, making it exploitable through social engineering with crafted documents. No patch is currently available for affected DNG Software Development Kit users.
Out-of-bounds memory read in DNG SDK 1.7.1 (2410) and earlier enables attackers to extract sensitive information from process memory when a user opens a specially crafted file. The vulnerability requires local user interaction but poses a direct confidentiality risk to applications processing untrusted DNG image files. No patch is currently available for affected versions.
DNG SDK 1.7.1 (build 2410) and earlier contain an integer overflow vulnerability that causes application denial-of-service when processing malicious files. Local attackers can exploit this flaw by tricking users into opening a specially crafted file, resulting in application crashes or hangs. No patch is currently available.
Arbitrary code execution in DNG SDK 1.7.1 2410 and earlier stems from an integer overflow vulnerability that executes with user privileges when a victim opens a crafted file. The local attack vector requires user interaction but carries high impact across confidentiality, integrity, and availability with no patch currently available.
Arbitrary code execution in DNG SDK 1.7.1 build 2410 and earlier via out-of-bounds write when processing malicious DNG files. An attacker can achieve code execution with user privileges by tricking a victim into opening a specially crafted file. No patch is currently available for this vulnerability.
DNG SDK versions 1.7.1 and earlier contain an integer overflow vulnerability that allows local attackers to crash affected applications through specially crafted files. Exploitation requires user interaction, as victims must open a malicious file to trigger the denial-of-service condition. No patch is currently available for this vulnerability.
Arbitrary code execution in DNG SDK 1.7.1 2471 and earlier via an out-of-bounds write vulnerability that executes with user privileges when a victim opens a malicious file. The vulnerability requires user interaction but no special privileges, making it exploitable through social engineering with crafted documents. No patch is currently available for affected DNG Software Development Kit users.
Out-of-bounds memory read in DNG SDK 1.7.1 (2410) and earlier enables attackers to extract sensitive information from process memory when a user opens a specially crafted file. The vulnerability requires local user interaction but poses a direct confidentiality risk to applications processing untrusted DNG image files. No patch is currently available for affected versions.
DNG SDK 1.7.1 (build 2410) and earlier contain an integer overflow vulnerability that causes application denial-of-service when processing malicious files. Local attackers can exploit this flaw by tricking users into opening a specially crafted file, resulting in application crashes or hangs. No patch is currently available.
Arbitrary code execution in DNG SDK 1.7.1 2410 and earlier stems from an integer overflow vulnerability that executes with user privileges when a victim opens a crafted file. The local attack vector requires user interaction but carries high impact across confidentiality, integrity, and availability with no patch currently available.
Arbitrary code execution in DNG SDK 1.7.1 build 2410 and earlier via out-of-bounds write when processing malicious DNG files. An attacker can achieve code execution with user privileges by tricking a victim into opening a specially crafted file. No patch is currently available for this vulnerability.