5 matches found
CVE-2026-59873
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...
CVE-2026-59873
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...
CVE-2026-14454
CVE-2026-14454 – Imager (Perl) : Imager versions before 1.033 mis-handle unsigned EXIF IFD entry counts as signed, causing large (near-address-space) allocation attempts. This could cause a worker process to terminate when processing crafted images with large EXIF data. Affected: Imager prior to ...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the core sequence parsing process. An attacker can cause a crash or denial of service by providing a specially crafted HEIF file that manipulates the stco.entrycount, saio.entrycount, and saiz.samplecount values to...
PT-2026-27755
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel tracing subsystem contains a flaw in the dma map sg tracepoint. When tracing large scatter-gather lists, the tracepoint can trigger a buffer overflow due to exceeding th...