Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libpng (UTSA-2026-015468)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015468 advisory. Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program...

CVE-2026-34555

Technical specifics (affected products/versions/vector details) are not publicly provided in the supplied documents. The entry notes a stack-buffer-overflow in iccDEV CIccTagFixedNum::GetValues() prior to 2.3.1.6 and a patch in 2.3.1.6.

EUVD-2026-17719

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow HBO in CIccApplyCmmSearch::costFunc can be triggered via malformed JSON configuration input to the iccApplySearch tool. AddressSanitizer reports an...

CVE-2026-34539 iccDEV: HBO in CTiffImg::WriteLine()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow HBO in CTiffImg::WriteLine. The issue is observable under AddressSanitizer as an out-of-bounds heap read...

JLSEC-2026-9 Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of s...

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive...

PT-2026-24697

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get var integer accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...

📄 OpenBabel 3.1.1 Parsing Issues

This Metasploit auxiliary module generates specially crafted proof of concept files targeting potential parsing vulnerabilities in OpenBabel version 3.1.1 such as NULL pointer dereference and out-of-bounds read conditions...

SUSE CVE-2025-28162

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive...

CVE-2025-28162

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive...

EUVD-2022-34735

Malicious code in bioql PyPI...

EUVD-2021-28194

Malicious code in bioql PyPI...

NanoTag: Systems Support for Efficient Byte-Granular Overflow Detection on ARM MTE

Memory safety bugs, such as buffer overflows and use-after-frees, are the leading causes of software safety issues in production. Software-based approaches, e.g., Address Sanitizer ASAN, can detect such bugs with high precision, but with prohibitively high overhead. ARM's Memory Tagging Extension...

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...

TencentOS Server 3: tcpdump (TSSA-2024:0059)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0059 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Alibaba Cloud Linux 3 : 0029: tcpdump (ALINUX3-SA-2024:0029)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0029 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-41043: Use after free in tcpslice triggers...

Linux Distros Unpatched Vulnerability : CVE-2022-2476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL...

SUSE CVE-2023-1999

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to tria...

Stable Channel Update for Desktop

The Stable channel has been updated to 131.0.6778.139/.140 for Windows, Mac and 131.0.6778.139 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

PYSEC-2024-293

A segmentation fault SEGV was detected in the Assimp::SplitLargeMeshesProcessTriangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a...