libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c

A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the --htmlout command line option, causing an application...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libheif vulnerabilities (USN-8454-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8454-1 advisory. Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the code file coders/hdr.c. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned char. This likely leads to a disruption in the...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick’s MagickCore/resize.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, specifically a division by zero in mathematics. This likely results in a disruption to the application’s functionality, but it may als...

EUVD-2026-37930

In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution...

Python Library OpenEXR 3.4.x < 3.4.12 Multiple Vulnerabilities

The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.12. It is, therefore, affected by multiple vulnerabilities: - An integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer-overflow when decoding a crafted HTJ2K-compress...

DEBIAN-CVE-2026-53705

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

Linux Distros Unpatched Vulnerability : CVE-2026-53705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer...

EUVD-2026-36506

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a...

PT-2026-48929

Name of the Vulnerable Software and Affected Versions NanaZip versions 3.0.1000.0 through 6.0.1697.0 Description A heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a bounds check allows an...

Vulnerabilities present in Adobe Acrobat Reader

Adobe has identified vulnerabilities in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier versions. These vulnerabilities include an out-of-bounds write vulnerability and multiple Use After Free errors. These errors occur when processing certain malformed or maliciously...

Linux Distros Unpatched Vulnerability : CVE-2025-52292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack buffer overflow in the fileinprocess function infile.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4...

Uncontrolled Recursion

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

[SECURITY] [DSA 6334-1] poppler security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6334-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 09, 2026 https://www.debian.org/security/faq -...

gpac 缓冲区错误漏洞

GPAC MP4Box is a open-source multimedia packager developed by GPAC. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Version 2.4 of GPAC MP4Box contains a security...

JLSEC-2026-574

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

CVE-2025-60483

A NULL pointer dereference in the gfac4presb4backchannelspresent function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...

CVE-2026-42250

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2...

bzip2 安全漏洞

Bzip2 is an open-source compression/ decompression application developed by the Bzip2 organization. Bzip2 has a security vulnerability, which stems from a minor error in the bzip2recover tool. This error may lead to out-of-bound writing when processing specially crafted files, resulting in memory...

PT-2026-44373

Name of the Vulnerable Software and Affected Versions bzip2 versions prior to 1.0.9 Description The bzip2recover utility contains an off-by-one error. When processing a specially crafted file, the application performs an out-of-bounds write to a global buffer, which leads to memory corruption and...