Important: gdk-pixbuf2

Issue Overview: In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...

Amazon Linux 2023 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2023-2025-1101)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1101 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE:...

Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2025-1106)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1106 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE:...

Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2025-2956)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.462.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2956 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2025-020)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0462.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2025-020 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...

Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2025-1113)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1113 advisory. fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. CVE-2025-1220 Missing error checking could resul...

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-1118)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1118 advisory. A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdfferror of the file...

Amazon Linux 2 : LibRaw (ALAS-2025-2954)

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2954 advisory. In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1...

Amazon Linux 2023 : cuda-nvdisasm-13 (ALAS2023NVIDIA-2025-145)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-145 advisory. NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successfu...

Amazon Linux 2023 : libnvidia-nscq (ALAS2023NVIDIA-2025-137)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-137 advisory. NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A...

Amazon Linux 2023 : ecs-init (ALAS2023-2025-1109)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1109 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2025-1134)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1134 advisory. A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service DoS. CVE-2025-32049 Tenable has...

Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-1114)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1114 advisory. fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. CVE-2025-1220 Missing error checking could resul...

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2025-1092)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1092 advisory. The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input. CVE-2025-53605 Tenabl...

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2025-1096)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1096 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disab...

Amazon Linux 2023 : pam, pam-devel (ALAS2023-2025-1121)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1121 advisory. A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink...

Amazon Linux 2023 : python3-unbound, unbound, unbound-anchor (ALAS2023-2025-1122)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1122 advisory. A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS...

Amazon Linux 2023 : python3-requests, python3-requests+security, python3-requests+socks (ALAS2023-2025-1110)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1110 advisory. Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to...

Amazon Linux 2023 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2023-2025-1100)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1100 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE:...

Amazon Linux 2023 : nvidia-modprobe (ALAS2023NVIDIA-2025-133)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-133 advisory. NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A...