CVE-2025-62821

CVE-2025-62821 affects Microsoft HEIF Image Extensions 1.2.22.0. The issue stems from CHEIFItemInfoEntry_GetDataSize potentially reporting 0 data size while returning success, causing a 1-byte allocation. Subsequently, CopyPixels may compute copy_size = stride * abs(roi_height) and perform a memm...

EUVD-2025-210287

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...

CVE-2026-46332

A flaw was found in the Linux kernel's Greybus subsystem, specifically in the gb-beagleplay driver. The cc1352bootloaderrx function, responsible for receiving bootloader data, does not properly check the size of incoming data chunks before copying them into a fixed-size receive buffer. This...

DEBIAN-CVE-2026-46599

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

CVE-2026-46599

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

CVE-2026-46599 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

CVE-2026-46599

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

CVE-2026-46039

In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgkextracttoken when checking the length of the ticket. Rather than rounding up the value to be tested which might overflow, round down the...

CVE-2026-46064

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...

CVE-2018-25369

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

SUSE CVE-2026-43277

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghesnew prevents allocating too large records, by checking if they're bigger than GHESESTATUSMAXSIZE currently, 64KB. Yet, the allocation is done with the...

CVE-2026-43277

A flaw was found in the Linux kernel's ACPI Platform Error Interface APEI Generic Hardware Error Source GHES subsystem. A malicious firmware could send error data that is larger than the memory allocated by the kernel. This out-of-bounds write can lead to a kernel panic, effectively causing a...

CVE-2026-43277

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghesnew prevents allocating too large records, by checking if they're bigger than GHESESTATUSMAXSIZE currently, 64KB. Yet, the allocation is done with the...

CVE-2026-43277

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghesnew prevents allocating too large records, by checking if they're bigger than GHESESTATUSMAXSIZE currently, 64KB. Yet, the allocation is done with the...

CVE-2026-43076

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate inline data isize during inode read When reading an inode from disk, ocfs2validateinodeblock performs various sanity checks but does not validate the size of inline data. If the filesystem is corrupted, an inode's...

CVE-2026-43076

The vulnerability CVE-2026-43076 affects the ocfs2 filesystem in the Linux kernel. When reading an inode from disk, ocfs2_validate_inode_block() did not validate the i_size of inline data against the inline data capacity (id_count). A corrupted filesystem could make i_size exceed id_count, causin...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of validation of the inline data isize when reading inode values. This vulnerability may...

Linux Distros Unpatched Vulnerability : CVE-2026-43277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - APEI/GHES: ensure that won't go past CPER allocated record The logic at ghesnew prevents allocating too large records, by checking if they're bigger than...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/iucv: Fixed the size of interrupt data iucvirqdata needs to be 4 bytes larger. These bytes are not used by the iucv module, but are written by the z/VM hypervisor in case a CPU is deconfigured. Reported as: BUG...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl8xxxu: Fixed a slab-out-of-bounds issue in rtl8xxxustaadd. The driver does not set hw-stadatasize, which causes mac80211 to allocate insufficient space for the driver’s private station data in stainfoalloc. When...