How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)

Introduction ExifTool is a widely adopted utility for reading and writing metadata in image, PDF, audio, and video files. It is available both as a standalone command-line application and as a library that can be embedded in other software. In this article, we break down CVE-2026-3102, an ExifToo...

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

Malicious code in @weirdorg/dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dce94a089c58246a54a1e4496d323c92bb46dac654e1a1403e875292be94b198 Package is a near-verbatim republication of the popular dotenv library same README, API, and file layout under the @weirdorg/dotenv name. The only...

MAL-2026-4467 Malicious code in @weirdorg/dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dce94a089c58246a54a1e4496d323c92bb46dac654e1a1403e875292be94b198 Package is a near-verbatim republication of the popular dotenv library same README, API, and file layout under the @weirdorg/dotenv name. The only...

openexr security update

An update is available for openexr. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenEXR is an open-source high-dynamic-range floating-point image file format...

Astra Linux - уязвимость в webkit2gtk

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in iOS 15.3, iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, and macOS Monterey 12.2. Processing maliciously crafted web content may lead to...

Astra Linux - уязвимость в linux-5.10

A buffer overflow vulnerability was discovered in the Netfilter subsystem of the Linux kernel. This issue could allow the leakage of both stack and heap addresses, and potentially enable Local Privilege Escalation to the root user through arbitrary code execution...

Astra Linux - уязвимость в e2fsprogs

A out-of-bounds read/write vulnerability was discovered in e2fsprogs 1.46.5. This issue results in a segmentation fault and may allow for arbitrary code execution through a specially crafted filesystem...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may...

Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox ESR...

Astra Linux - уязвимость в postgresql-11

A vulnerability was discovered in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the...

Astra Linux - уязвимость в firefox, thunderbird

Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This...

Astra Linux - уязвимость в webkit2gtk

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4, and iPadOS 14.4, as we...

Astra Linux - уязвимость в webkit2gtk

A memory corruption issue has been resolved through improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 v. 14610.4.3.1.7 and 15610.4.3.1.7, watchOS 7.3.2, and macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux - уязвимость в mariadb-10.3

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

Astra Linux - уязвимость в webkit2gtk

A memory management issue related to “use after free” operations has been addressed through improved memory management mechanisms. This issue is fixed in iOS 15.5, iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, and watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code...

Astra Linux - уязвимость в logback

In Logback version 1.2.7 and earlier versions, an attacker with the necessary privileges to edit configuration files could create a malicious configuration that allowed the execution of arbitrary code loaded from LDAP servers...

Astra Linux – Vulnerability in openimageio

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially crafted targa file can lead to out-of-bound read and write operations on the process stack, which can result in arbitrary code execution. An attacker can provide a malicious file...

Astra Linux - уязвимость в webkit2gtk

The issue has been addressed through improved checks. This issue is fixed in iOS 16.6, iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, and watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report indicating that this issue may have been...

Astra Linux - уязвимость в webkit2gtk

The issue was resolved through improved memory handling. This issue is fixed in iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...