23214 matches found
CVE-2026-58380
GIMP contains a vulnerability in its PNM file format parser where the function pnmscanner_gettoken() writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one loop boundary check. This memory corruption could lead to denial of service or arbitrary code execut...
kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...
kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...
ROOT-OS-DEBIAN-11-CVE-2024-42230 CVE-2024-42230 in rootio-linux - Patched by Root
Root has patched CVE-2024-42230 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
CVE-2026-22547
Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values...
EUVD-2026-41616
Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values...
CVE-2026-58379
The CVE-2026-58379 vulnerability affects GIMP 's Paint Shop Pro (PSP) file format parser. It is a heap buffer overflow caused by incorrect buffer size calculations when processing low bit-depth PSP images , which can lead to arbitrary code execution or DoS when a user opens a crafted image. The p...
CVE-2026-20243
A flaw was found in ClamAV's ALZ file format parser. An unauthenticated, remote attacker can exploit this vulnerability by submitting a specially crafted ALZ Archived Link Zipped file for scanning. This improper handling of ALZ files can lead to memory corruption, causing the ClamAV scanning...
osTicket - Arbitrary File Read
Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...
CVE-2026-20244
A flaw was found in ClamAV's DMG file format parser. An unauthenticated, remote attacker can exploit this vulnerability by submitting a specially crafted DMG file for scanning. Improper boundary checks during the scanning process can lead to an integer overflow, primarily affecting 32-bit...
EUVD-2026-41545
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileg...
CVE-2026-46465
Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an externally-controlled format string vulnerability. A high-privilege attacker with remote access could exploit this over the network, potentially...
CVE-2026-50722
Libreswan is affected by CVE-2026-50722 through RSA_authenticate_hash_signature_pkcs1_1_5_rsa, which fails to properly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload uses RSASSA-PKCS1-v1_5 (RFC 8017). This enables a remote attacker to perform a Bleichenbacher-like variati...
EUVD-2026-33432
golang.org/x/image/tiff has excessive resource consumption in PackBits decompression...
DEBIAN-CVE-2026-58381
A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the readlayerblock function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution...
CVE-2026-58381
CVE-2026-58381 affects GIMP's PSP file format parser. A double-free in read_layer_block() when processing a specially crafted PSP file can cause memory corruption, potentially leading to denial of service or arbitrary code execution. The provided data includes a CVSSv3.1 vector (AV:L/AC:L/PR:L/UI...
CVE-2026-58381
A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the readlayerblock function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution...
kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...
CVE-2026-53466
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been...
EUVD-2022-49113
Open Babel has out-of-bounds write in MSI translationVectors...