12589 matches found
CVE-2025-60473
GPAC Project/MP4Box contains a NULL pointer dereference in the gf_filter_in_parent_chain function (filter_core/filter_pid.c) that affects versions before 26.02.0. This vulnerability allows an attacker to cause a Denial of Service by supplying a crafted MP4 file. The CVE entries (CVE-2025-60473) c...
CVE-2026-54651
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...
Gogs has a Denial of Service in repository/wiki file listing web pages
Summary A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. Details The issue is...
libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the --htmlout command line option, causing an application...
Autodesk Revit 2024 < 2024.3.5 / 2025 < 2025.4.5 / 2026 < 2026.4.1 / 2027 < 2027.1 DoS (adsk-sa-2026-0007)
The version of Autodesk Revit installed on the remote host is 2024 prior to 2024.3.5, 2025 prior to 2025.4.5, 2026 prior to 2026.4.1, or 2027 prior to 2027.1. It is, therefore, affected by a denial of service vulnerability: - A maliciously crafted RFA file, when converted to FormIt via 'Convert R...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2021.07 and earlier is affected by a stack-based buffer overflow vulnerability that may lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction—that is, the victim must open a specially crafted file...
Astra Linux – Vulnerability in Graphviz
A buffer overflow in the Graphviz Graph Visualization Tools, starting from the commit ID f8b9e035 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service application crash by loading a crafted file into the "lib/common/shapes.c" component...
Astra Linux – Vulnerability in binutils
In the GNU Binutils before version 2.40, there is a heap-buffer-overflow issue in the error function bfdgetl32 when called from the stripmain function in strip-new, through a specially crafted file...
Astra Linux – Vulnerability in libde265
libde265 v1.0.4 contains a heap buffer overflow vulnerability in the mmloadlepi64 function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the putweightedbipred16fallback function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in hdf5
There is an out-of-bounds write vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the putqpel00fallback16 function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to local application denial of service in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick, specifically in the MagickCore/visual-effects.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero in mathematics. The greatest threat of this vulnerability is to system...
Astra Linux – Vulnerability in hdf5
A SIGFPE signal is raised in the function applyilters of h5repackfilters.c in the HDF HDF5 through 1.10.3 library during an attempt to parse a crafted HDF file, due to incorrect protection against division by zero. This could allow a remote denial-of-service attack...
CVE-2026-44663
Technical summary (OpenEXR CVE-2026-44663): In OpenEXR 3.4.0–3.4.11, ht_undo_impl() in OpenEXRCore/internal_ht.cpp performs an integer overflow when computing bytes_per_element during HTJ2K decoding, causing a heap-buffer-overflow on large widths (e.g., >= 536,870,912 for FLOAT). The overflow ...
libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the --htmlout command line option, causing an application...
EUVD-2026-36799
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...
CVE-2026-53705
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...
GIMP: GIMP: Arbitrary code execution via specially crafted PSD file
A flaw was found in GIMP. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted PSD Photoshop Document file. This flaw is due to an integer overflow during the parsing of PSD files, which can lead to arbitrary code execution, allowing the attacker to run...