The vulnerability of PDF document viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the use of memory after it is freed, allowing an attacker to disclose protected information.

The vulnerability of PDF viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the use of memory after it is freed during file processing for U3D operations. Exploiting this vulnerability can allow attackers to disclose sensitive information that is...

ClamAV 0.99.4 < 1.0.9, 1.2.0 < 1.4.3 Multiple Vulnerabilities

According to its version, the ClamAV clamd antivirus daemon running on the remote host is 0.99.4 prior to 1.0.9, 1.2.0 prior to 1.4.3. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in Universal Disk Format UDF processing of ClamAV could allow an unauthenticated, remote...

Uncontrolled Recursion

Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader process. An attacker can cause the application to crash by submitting deeply nested JSON structures, resulting in a stack overflow and...

CVE-2025-53181

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability...

The Hidden Threat in Plain Text: Attacking RAG Data Loaders

Large Language Models LLMs have transformed human-machine interaction since ChatGPT's 2022 debut, with Retrieval-Augmented Generation RAG emerging as a key framework that enhances LLM outputs by integrating external knowledge. However, RAG's reliance on ingesting external documents introduces new...

Enabling Security on the Edge: a CHERI Compartmentalized Network Stack

The widespread deployment of embedded systems in critical infrastructures, interconnected edge devices like autonomous drones, and smart industrial systems requires robust security measures. Compromised systems increase the risks of operational failures, data breaches, and -- in safety-critical...

DEBIAN-CVE-2025-7069

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FSsectlinksize of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to t...

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the H5FLmalloc function. An attacker can cause resource exhaustion by repeatedly triggering memory allocations that are not properly freed. Remediation A fix was pushed into the master branch bu...

AZL-65208 CVE-2025-7067 affecting package hdf5 for versions less than 1.14.6-1

A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FSsinfoserializenodecb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the H5FSsinfoserializenodecb function. An attacker can cause a denial of service by triggering a heap-based buffer overflow through local access. Remediation A fix was pushed into the master branch but not...

OESA-2025-1727 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL deref in ntfsupdatemftmirr If ntfsfillsuper wasn't called then sbi-sb will be equal to NULL. Code should check this ptr before dereferencing...

OESA-2025-1709 qt6-qtimageformats security update

Security Fixes: When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.CVE-2025-5683...

OESA-2025-1708 qt6-qtimageformats security update

Security Fixes: When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.CVE-2025-5683...

HDF5 安全漏洞

HDF5 is a library of HDF open source . HDF5 1.14.6 version of the existence of a buffer overflow vulnerability , the vulnerability stems from the file src/H5FScache.c function H5FSsinfoserializenodecb fails to correctly validate the length of the input data size , a remote attacker can be used to...

HDF5 安全漏洞

HDF5 is a library of HDF open source . HDF5 version 1.14.6 there is a buffer overflow vulnerability , the vulnerability stems from the file src/H5FSsection.c function H5FSsectlinksize failed to correctly validate the length of the input data size , a remote attacker can use this vulnerability on...

Heap Based Buffer Overflow

Pillow is vulnerable to heap-based buffer overflow.. The vulnerability is due to writing into a buffer without checking for available space when saving a large 64k image in DDS format, which allows an attacker to trigger a heap buffer overflow by tricking the application into processing malicious...

BIT-PILLOW-2025-48379 Pillow Vulnerable to Write Buffer Overflow on BCn encoding

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

OSV-2025-512 Invalid-free in pdf_decodestream

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=428754704 Crash type: Invalid-free Crash state: pdfdecodestream pdfextractobj clipdf...

Python Library Pillow 11.2.x < 11.3.0 Write Buffer Overflow

The detected version of the Pillow Python package, Pillow, is 11.2.x prior to 11.3.0. It is, therefore, affected by a write buffer overflow vulnerability. There is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing int...

PT-2025-34466 · Git · Clamav

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=428754704 Crash type: Invalid-free Crash state: pdf decodestream pdf extract obj cli pdf...