23088 matches found
CVE-2023-53479
In the Linux kernel, the following vulnerability has been resolved: cxl/acpi: Fix a use-after-free in cxl_parse_cfmws() KASAN and KFENCE detected a use-after-free in the CXL driver. This happens in the cxl_decoder_add() fail path. KASAN prints the following error: BUG: KASAN: slab-use-after-free in...
CVE-2022-50425
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly When an extended state component is not present in fpstate, but in init state, the function copies from init_fpstate via copy_feature(). But, dynamic states are not present ...
UBUNTU-CVE-2023-53506
In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as much length as possible to the first extent. However this is unnecessarily complicated and not really worth the trouble. Furthermore...
CVE-2023-53506
CVE-2023-53506 : Linux kernel udf merging long extents. The merge logic that pushes as much length as possible to the first extent caused risk of extents corruption; the patch resolves the behavior by not merging overly long extents. Reported impact is high (local attack, no user interaction) wit...
CVE-2023-53506 udf: Do not bother merging very long extents
In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as much length as possible to the first extent. However this is unnecessarily complicated and not really worth the trouble. Furthermore...
CVE-2023-53479
In CVE-2023-53479, the Linux kernel cxl driver had a use-after-free in cxl_parse_cfmws() during cxl_decoder_add() fail path. KASAN/KFENCE observed a slab-use-after-free where a released cxld was accessed in a later dev_err() path. The root cause was dereferencing freed memory; the fix replaces th...
CVE-2023-53479 cxl/acpi: Fix a use-after-free in cxl_parse_cfmws()
In the Linux kernel, the following vulnerability has been resolved: cxl/acpi: Fix a use-after-free in cxl_parse_cfmws() KASAN and KFENCE detected a use-after-free in the CXL driver. This happens in the cxl_decoder_add() fail path. KASAN prints the following error: BUG: KASAN: slab-use-after-free in...
CVE-2022-50425
CVE-2022-50425 is a Linux kernel vulnerability in the x86/fpu path. The issue occurs in copy_xstate_to_uabi() when an extended state component exists in init_fpstate but not fpstate, causing a NULL pointer dereference during XSAVE state handling in KVM/KVM-related ioctl paths. The mitigation desc...
CVE-2022-50425 x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly When an extended state component is not present in fpstate, but in init state, the function copies from init_fpstate via copy_feature(). But, dynamic states are not present ...
PT-2025-40135
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The libbpf component in the Linux kernel contains an issue where it directly uses the e_shnum field in the ELF header as the section header count. This can lead to a heap-buffer overflow...
Poppler security vulnerability
Poppler is a PDF rendering library from Poppler open source. A security vulnerability exists in Poppler version 24.06.1 through versions prior to 25.04.0, which stems from a stack consumption when processing deeply nested structures in PDF documents, which could result in a segmentation error...
PT-2025-40213
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where merging very long extents could lead to corruption of extents within a file. The problem stemmed from unnecessarily complex logic when attempting...
K000156692: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2016-5010 coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. CVE-2016-5687 The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4...
NewStart CGSL MAIN 6.06 : ncurses Multiple Vulnerabilities (NS-SA-2025-0223)
The remote NewStart CGSL host, running version MAIN 6.06, has ncurses packages installed that are affected by multiple vulnerabilities: - In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack...
ROS-20250930-07
Vulnerability of the ImageMagick console graphic editor related to a format string error in the "InterpretImageFilename" function. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code on the target system Vulnerabili...
Polska Akademia Dostępności CMS cross-site scripting vulnerability
Polska Akademia Dostępności CMS is an accessible web content management system from Polska Akademia Dostępności, Poland. A cross-site scripting vulnerability exists in Polska Akademia Dostępności CMS, which stems from the Print and Save as PDF functionality being susceptible to a reflective...
K000156690: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2016-10059 Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. CVE-2016-10060 The ConcatenateImages function in...
CLSA-2025-1759145882 Fix CVE(s): CVE-2025-53019
SECURITY UPDATE: memory leak via multiple consecutive %d format specifiers in filename template - debian/patches/CVE-2025-53019.patch: Fix memory leak when entering StreamImage multiple times - CVE-2025-53019...
CLSA-2025-1759145639 Fix CVE(s): CVE-2025-53019
SECURITY UPDATE: memory leak when specifying multiple %d format specifiers in filename template - debian/patches/CVE-2025-53019.patch: Fix memory leak when entering StreamImage multiple times - CVE-2025-53019...