6103 matches found

Cvelist
added 2025/05/01 2:10 p.m. · 8 views

CVE-2022-49895 cxl/region: Fix decoder allocation crash

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix decoder allocation crash When an intermediate port's decoders have been exhausted by existing regions, and creating a new region with the port in question in its hierarchical path is attempted, cxlportattachregio...

EPSS 0.00074
Exploits: 0 · References: 2
Vulnrichment
added 2025/05/01 2:10 p.m. · 1 view

CVE-2022-49887 media: meson: vdec: fix possible refcount leak in vdec_probe()

In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister need to be called to put the refcount got by v4l2_device_register when vdec_probe fails or vdec_remove is called...

AI score 6.1 · EPSS 0.00093
Exploits: 0 · References: 5
Positive Technologies
added 2025/05/01 12:0 a.m. · 1 view

PT-2025-18612 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the cxl/region component. The issue occurs when an intermediate port's decoders are exhausted by existing regions, and...

CVSS 5.5 · AI score 5.1 · EPSS 0.00074
Exploits: 0 · References: 11
CNNVD
added 2025/05/01 12:0 a.m. · 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from not verifying the validity of a decoder, which could lead to a null pointer dereference. An...

CVSS 5.5 · AI score 6.9 · EPSS 0.00074
Exploits: 0 · References: 2
Positive Technologies
added 2025/04/30 12:0 a.m. · 3 views

PT-2025-18320 · Base-X · Base-X

Name of the Vulnerable Software and Affected Versions: base-x versions prior to 3.0.11 base-x version 4.0.0 base-x version 5.0.0 Description: The issue allows attackers to potentially deceive users into sending funds to an unintended address. This is achieved through a problem in the base-x encod...

CVSS 8.7 · AI score 7.3 · EPSS 0.00377
Exploits: 0 · References: 10
Amazon
added 2025/04/29 12:0 a.m. · 2 views

Important: runc

Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...

CVSS 7.5 · AI score 7.4 · EPSS 0.00182
Exploits: 6
Packet Storm News
added 2025/04/28 12:0 a.m. · 7 views

GenPTW: In-Generation Image Watermarking for Provenance Tracing and Tamper Localization

The rapid development of generative image models has brought tremendous opportunities to AI-generated content (AIGC) creation, while also introducing critical challenges in ensuring content authenticity and copyright ownership. Existing image watermarking methods, though partially effective, often...

AI score 7
Exploits: 0
BDU FSTEC
added 2025/04/24 12:0 a.m. · 1 view

The vulnerability of the NCompress::NRar3::CDecoder::Code method in p7zip and 7-Zip archivers allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the NCompress::NRar3::CDecoder::Code method in p7zip and 7-Zip archivers is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure or execute arbitrary code through the...

CVSS 7.8 · EPSS 0.04295
Exploits: 1 · References: 7 · Affected Software: 4
AlpineLinux
added 2025/04/21 12:15 a.m. · 1 view

CVE-2025-43964

In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values...

CVSS 9.8 · AI score 7.3 · EPSS 0.00085
Exploits: 0 · References: 4
AlpineLinux
added 2025/04/21 12:15 a.m. · 3 views

CVE-2025-43967

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item...

CVSS 7.5 · AI score 7.3 · EPSS 0.001
Exploits: 1 · References: 3
OSV
added 2025/04/21 12:15 a.m. · 0 views

UBUNTU-CVE-2025-43967

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item...

CVSS 7.5 · AI score 5.8 · EPSS 0.001
Exploits: 1 · References: 3
OSV
added 2025/04/18 1:49 p.m. · 1 view

OESA-2025-1431 xz security update

XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils. Security Fixes: XZ Utils provide a general-purpose data-compression library...

CVSS 8.7 · AI score 6.9 · EPSS 0.00041
Exploits: 0 · References: 2
OSV
added 2025/04/18 1:49 p.m. · 1 view

OESA-2025-1430 xz security update

XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils. Security Fixes: XZ Utils provide a general-purpose data-compression library...

CVSS 8.7 · AI score 6.9 · EPSS 0.00041
Exploits: 0 · References: 2
BDU FSTEC
added 2025/04/17 12:0 a.m. · 1 view

The vulnerability of the SMS decoder in the OFono mobile phone stack allows a hacker to execute arbitrary code.

The vulnerability of the SMS decoder in the OFono mobile phone stack is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a hacker to execute arbitrary code...

CVSS 7 · EPSS 0.00182
Exploits: 0 · References: 6 · Affected Software: 2
Packet Storm News
added 2025/04/16 12:0 a.m. · 2 views

PCDiff: Proactive Control for Ownership Protection in Diffusion Models with Watermark Compatibility

With the growing demand for protecting the intellectual property (IP) of text-to-image diffusion models, we propose PCDiff -- a proactive access control framework that redefines model authorization by regulating generation quality. At its core, PCDIFF integrates a trainable fuser module and...

AI score 7
Exploits: 0
Amazon
added 2025/04/16 12:0 a.m. · 4 views

Medium: thunderbird

Issue Overview: There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds i...

CVSS 9.8 · AI score 7.2 · EPSS 0.1436
Exploits: 1
BDU FSTEC
added 2025/04/14 12:0 a.m. · 1 view

The vulnerability of the command-line PDF conversion tool QPDF is a use of memory after it is freed. This allows a malicious actor to execute arbitrary code.

The vulnerability of the command-line PDF conversion tool QPDF relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code by processing the Pl_ASCII85Decoder::write parameter...

CVSS 5.3 · EPSS 0.00322
Exploits: 1 · References: 10 · Affected Software: 6
Microsoft CVE
added 2025/04/11 7:0 a.m. · 2 views

XZ has a heap-use-after-free bug in threaded .xz decoder

...

CVSS 8.7 · AI score 7.8 · EPSS 0.00041
Exploits: 0
Mageia
added 2025/04/10 12:22 a.m. · 24 views

Updated xz packages fix security vulnerability

XZ has a heap-use-after-free bug in threaded .xz decoder. CVE-2025-31115...

CVSS 8.7 · AI score 6.9 · EPSS 0.00041
Exploits: 0 · References: 2
SUSE CVE
added 2025/04/04 2:57 a.m. · 1 view

SUSE CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

CVSS 8.2 · AI score 7 · EPSS 0.00041
Exploits: 0 · References: 8