CVE-2025-14369 CVE-2025-14369

drflac, an audio decoder within the drlibs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool...

CVE-2026-23833

A flaw was found in ESPHome. An integer overflow vulnerability exists in the API component's protobuf decoder. A remote attacker can exploit this by sending a specially crafted, large fieldlength value, which bypasses a bounds check. This can lead to a denial-of-service DoS condition, causing the...

CVE-2026-23876

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

DEBIAN-CVE-2026-23876

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

UBUNTU-CVE-2026-23876

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

CVE-2026-23876

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

CVE-2026-23876

CVE-2026-23876 – ImageMagick heap buffer overflow (ReadXBMImage) Affected software: ImageMagick versions prior to 7.1.2-13 and 6.9.13-38.Root cause: heap buffer overflow in the XBM image decoder during processing of crafted images.Impact: attacker can write data past the allocated heap buffer, po...

CVE-2026-23876

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

CVE-2026-23876 Heap buffer overflow with attacker-controlled data in XBM parser

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

CVE-2026-23876

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

CVE-2026-23876

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

CVE-2026-23876 Heap buffer overflow with attacker-controlled data in XBM parser

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

EUVD-2026-3589

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

ImageMagick input validation vulnerability

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-13 and 6.9.13-38 contained a vulnerability related to input validation errors. This vulnerability...

MiracleLinux 8 : freerdp-2.2.0-10.el8 (AXSA:2023-5972:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5972:03 advisory. freerdp: clients using /parallel command line switch might read uninitialized data CVE-2022-39282 freerdp: clients using the /video command line...

MiracleLinux 9 : freerdp-2.4.1-5.el9 (AXSA:2023-5536:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5536:02 advisory. freerdp: clients using /parallel command line switch might read uninitialized data CVE-2022-39282 freerdp: clients using the /video command line...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2024-8861:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8861:01 advisory. net/http: Denial of service due to improper 100-continue handling in net/http CVE-2024-24791 go/parser: golang: Calling any of the Parse functions...

MiracleLinux 9 : python3.9-3.9.14-1.el9.2 (AXSA:2023-5191:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5191:01 advisory. Python: CPU denial of service via inefficient IDNA decoder CVE-2022-45061 Tenable has extracted the preceding description block directly from the MiracleLinu...

MiracleLinux 9 : poppler-21.01.0-14.el9 (AXSA:2023-5617:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5617:02 advisory. poppler: integer overflow in JBIG2 decoder using malformed files CVE-2022-38784 Tenable has extracted the preceding description block directly from the...

dr_flac contains an integer overflow vulnerability that allows for DoS when provided a crafted file

Overview drflac, an open-source FLAC audio decoder, part of the drlibs audio decoder toolset, contains an integer overflow vulnerability allowing for denial of service DoS when provided a specific crafted file. An attacker can exploit this vulnerability through providing a tool that uses drflac a...