CVE-2026-25068

Summary: CVE-2026-25068 affects alsa-lib versions 1.2.2 through 1.2.15.2 (before commit 5f7fe33). A heap-based buffer overflow in the topology mixer control decoder is caused by tplg_decode_control_mixer1() reading the untrusted num_channels from a .tplg file and using it as a loop bound without ...

📄 Samsung libimagecodec.quram.so Buffer Overflow / Denial of Service

This proof of concept demonstrates a denial of service vulnerability in Samsung's libimagecodec.quram.so JPEG decoder. By crafting a structurally valid JPEG file with maliciously large image dimensions height 65535, width 2862 in the SOF0 marker, the decoder performs unsafe size calculations duri...

ALSA-LIB: Input validation vulnerability

alsa-lib is an open-source library for ALSA Advanced Linux Sound Architecture in the user space. It is designed to simplify application programming and provide more advanced features. Versions of alsa-lib prior to 1.2.15.2 contained a vulnerability related to input validation errors. This...

Updated python-pyasn1 packages fix security vulnerability

pyasn1 has a DoS vulnerability in decoder. CVE-2026-23490...

MGASA-2026-0020 Updated python-pyasn1 packages fix security vulnerability

pyasn1 has a DoS vulnerability in decoder. CVE-2026-23490...

CVE-2026-24823

Out-of-bounds Write, Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in FASTSHIFT X-TRACK Software/X-Track/USER/App/Utils/lvimgpng/PNGdec/src modules. This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7...

CVE-2026-24823

The CVE-2026-24823 issue refers to an out-of-bounds write / buffer copy without size checks in FASTSHIFT X-TRACK, specifically in the PNG decoding path ( inflate.C within Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). Affected software: X-TRACK up to and including v2.7. The Red H...

CVE-2026-24823 A heap-based buffer over-read or buffer overflow vulnerability in FASTSHIFT/X-TRACK

Out-of-bounds Write, Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in FASTSHIFT X-TRACK Software/X-Track/USER/App/Utils/lvimgpng/PNGdec/src modules. This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7...

PT-2026-4898

Out-of-bounds Write, Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in FASTSHIFT X-TRACK Software/X-Track/USER/App/Utils/lv img png/PNGdec/src modules. This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7...

Atlassian Jira Service Management Data Center and Server 5.12.x < 5.12.28 / 10.3.x < 10.3.11 / 11.0.x < 11.1.0 (JSDSERVER-16412)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16412 advisory. - Netty is an asynchronous event-driven network application framework for rapid development of...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005099)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005099 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdecclose There appears to be a possible use after free with...

[SECURITY] [DLA 4448-1] imagemagick security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4448-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 24, 2026 https://wiki.debian.org/LTS -...

OESA-2026-1246 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1245 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1244 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1243 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1242 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

Denial-Of-Service (DoS)

ESPHome is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to an integer overflow in the API protobuf decoder, where an attacker-controlled fieldlength value can overflow the bounds check in proto.cpp, bypassing validation and causing invalid memory access that crashes the device,...

SUSE CVE-2025-66959

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder...

CVE-2025-66959

A flaw was found in ollama. A remote attacker could exploit this vulnerability by sending specially crafted input to the GGUF decoder, leading to a Denial of Service DoS. This issue can make the service unavailable to legitimate users. Mitigation Mitigation for this issue is either not available ...