Lucene search

1182 matches found

CNNVD
added 2026/03/20 12:0 a.m. | 4 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.153 contained a security vulnerability, which was caused by excessive reading and writing operations related to WebGL. This vulnerability could lead to arbitrary reading and writing...

CVSS 8.8 | AI score 6.1 | EPSS 0.00032
Exploits 0 | References 3

FreeBSD
added 2026/03/18 12:0 a.m. | 8 views

chromium -- security fixes

Chrome Releases reports: This update includes 26 security fixes: 475877320 Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 485935305 Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...

CVSS 8.8 | AI score 6.2 | EPSS 0.00055
Exploits 1 | References 1

RedHat Linux
added 2026/03/17 9:57 a.m. | 2 views

Important: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...

CVSS 8.3 | AI score 6.1 | EPSS 0.00081
Exploits 5 | References 4

Redos
added 2026/03/10 12:0 a.m. | 3 views

ROS-20260310-73-0015

A vulnerability in the ANGLE library of the Google Chrome browser is related to the ability to use memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 8.8 | AI score 5.7 | EPSS 0.00061
Exploits 0

RedHat Linux
added 2026/03/09 1:56 a.m. | 2 views

Important: Red Hat Security Advisory: libpng15 security update

An update for libpng15 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

CVSS 8.3 | AI score 6.3 | EPSS 0.00081
Exploits 1 | References 2

Fedora
added 2026/03/07 12:34 a.m. | 4 views

[SECURITY] Fedora 44 Update: libsixel-1.10.5-6.fc44

An encoder/decoder implementation for DEC SIXEL graphics...

CVSS 4 | AI score 5.8 | EPSS 0.00017
Exploits 0

RedHat Linux
added 2026/03/03 12:51 p.m. | 1 views

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap-based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

CVSS 8.3 | AI score 5.9 | EPSS 0.00081
Exploits 1 | References 7

Cvelist
added 2026/02/25 9:5 p.m. | 16 views

CVE-2026-27950 FreeRDP heap-use-after-free in update_pointer_new(SDL): Fix Applied in the Wrong File

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been...

CVSS 6.9 | EPSS 0.00115
Exploits 0 | References 4

EUVD
added 2026/02/25 9:5 p.m. | 1 views

EUVD-2026-8754

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been...

CVSS 8.7 | AI score 5.9 | EPSS 0.00115
Exploits 0 | References 4

ATTACKERKB
added 2026/02/25 9:5 p.m. | 4 views

CVE-2026-27950

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been...

CVSS 8.7 | AI score 6 | EPSS 0.00115
Exploits 0 | References 5 | Affected Software 1

IBM Security Bulletins
added 2026/02/23 9:25 a.m. | 16 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for January 2026.

Summary: Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF006. These vulnerabilities have also been addressed in 24.0.1-IF006 and 25.0.0-IF003. Vulnerability Details: CVEID: CVE-2018-5711 DESCRIPTION: gd_gif_in.c in the GD Graphics Library aka libgd, as used in PHP...

CVSS 8.6 | AI score 8.6 | EPSS 0.1054
Exploits 6 | Affected Software 1

RedHat Linux
added 2026/01/26 1:41 p.m. | 1 views

libpng: LIBPNG heap buffer overflow

A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated...

CVSS 7.1 | AI score 5.9 | EPSS 0.00065
Exploits 4 | References 9

Tenable Nessus
added 2026/01/22 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-65018)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-65018 advisory. - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG...

CVSS 7.1 | AI score 5.8 | EPSS 0.00065
Exploits 4 | References 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 1 views

MiracleLinux 7 : SDL-1.2.15-17.el7 (AXSA:2020-602:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-602:02 advisory. SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c CVE-2019-7572 SDL: heap-based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c...

CVSS 8.8 | AI score 5.9 | EPSS 0.04477
Exploits 11 | References 12

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 4 : xorg-x11-server-1.13.0-23.1.0.1.AXS4 (AXSA:2014-075:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-075:01 advisory. X.Org X11 X server Security issues fixed with this release: CVE-2013-1940 X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict acce...

CVSS 5 | AI score 7.3 | EPSS 0.0684
Exploits 0 | References 2

Tenable Nessus
added 2026/01/14 12:0 a.m. | 1 views

MiracleLinux 4 : gegl-0.1.2-4.AXS4 (AXSA:2012-1027:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-1027:01 advisory. EGL Generic Graphics Library is a graph based image processing framework. GEGL's original design was made to scratch GIMP's itches for a new compositing and...

CVSS 7.5 | AI score 8.4 | EPSS 0.12268
Exploits 0 | References 2

OSV
added 2026/01/12 11:15 p.m. | 3 views

AZL-74505 CVE-2026-22801 affecting package gdal 3.6.3-2

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer...

CVSS 7.8 | AI score 6.3 | EPSS 0.00023
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 11:24 a.m. | 11 views

CVE-2021-31523

The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency...

CVSS 7.8 | AI score 6.8 | EPSS 0.00042
Exploits 0 | References 1

RedhatCVE
added 2026/01/07 9:44 a.m. | 3 views

CVE-2017-6363

In the GD Graphics Library aka LibGD through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and...

CVSS 8.1 | AI score 6.9 | EPSS 0.00422
Exploits 1 | References 1

OSV
added 2025/12/28 10:15 p.m. | 2 views

CVE-2025-15155

A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now...

CVSS 7.8 | AI score 6.5
Exploits 0 | References 7