OSV-2025-818 Heap-buffer-overflow in std::__1::pair<int, arrow::util::RleBitPackedParser::ControlFlow> arrow::util::R

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=449498800 Crash type: Heap-buffer-overflow READ 1 Crash state: std::1::pair arrow::util::R arrow::util::RleBitPackedDecoder::GetBatch auto parquet::DictByteArrayDecoderImpl::DecodeArrowDense...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986497)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986497 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is = U32MAX - 3 then the length + 4...

Unity Linux 20.1070e Security Update: libtiff (UTSA-2025-680618)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680618 advisory. LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tiflzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For...

SUSE CVE-2025-59732

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at 0 and 1 will continue to write until the next multiple of 8. The buffer...

SUSE CVE-2025-59734

It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type FTCH...

EUVD-2025-32586

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument fsettings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10....

CVE-2025-11346

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument fsettings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10....

CVE-2025-11346

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument fsettings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10....

CVE-2025-11346 ILIAS Base64 Decoding unserialize deserialization

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument fsettings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10....

CVE-2025-11346

The CVE concerns ILIAS up to versions 8.23/9.13/10.1 where the Base64 Decoding Handler’s unserialize function is exploitable by manipulating the f_settings argument, enabling deserialization and a remote attack. The issue’s root cause is improper handling of f_settings in the unserialize flow. Im...

CVE-2025-11346 ILIAS Base64 Decoding unserialize deserialization

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument fsettings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10....

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the dwauncompress function when decoding OpenEXR files with DWAA or DWAB compression due to insufficient validation of the raw length of run-length-encoded data. An attacker can cause memory corruption or...

DEBIAN-CVE-2025-59734

It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...

CVE-2025-59734

It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...

CVE-2025-59730

When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...

CVE-2025-59731

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, we decompress and decode into the buffer td-rlerawdata of size rlerawsize a...

UBUNTU-CVE-2025-59734

It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...

CVE-2025-59734

It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...

CVE-2025-59734

It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...

EUVD-2025-32513

It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...