17709 matches found
CVE-2026-56362
A heap-buffer-overflow read in ImageMagick's OpenPixelCache occurs when image channel metadata updates before memory allocation. Attackers can trigger this via memory and disk allocation failures to disclose sensitive information. Mitigation Isolate ImageMagick tasks by running them inside...
CVE-2026-58471
A flaw was found in GNU Wget. A remote attacker can exploit a heap buffer overflow vulnerability in the convertfname function. This occurs when processing a server-supplied filename that requires character set conversion, leading to memory corruption due to incorrect buffer reallocation. This can...
dnsmasq < 2.93 Heap-Based Buffer Overflow (CVE-2026-12725)
The version of dnsmasq installed on the remote host is prior to 2.93. It is, therefore, affected by a heap-based buffer overflow vulnerability. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause...
CVE-2026-55999
A flaw was found in the glamorfontget function of the xorg-x11-server. This vulnerability, a heap buffer overflow, occurs when the server processes a specially crafted PCF font file where individual glyph metrics exceed the declared maximum bounds. An authenticated X client can exploit this by...
EUVD-2026-42259
ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting a...
CVE-2026-56362
ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting a...
Important: Red Hat Security Advisory: nginx:1.26 security, bug fix, and enhancement update
An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2026-56003
A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...
CVE-2026-56001
A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont...
Linux Distros Unpatched Vulnerability : CVE-2026-56002
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap bufferflow in pcfReadFont due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code withi...
CVE-2026-58471
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...
freerdp: FreeRDP: Arbitrary code execution and denial of service via heap-buffer-overflow
A heap-buffer overflow vulnerability exists in the FreeRDP server's clipboard channel. A remote attacker can exploit this by sending a specially crafted message to the server, which can crash the service Denial of Service or potentially allow the attacker to execute arbitrary code...
Important: Red Hat Security Advisory: freerdp security update
An update for freerdp is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
RLSA-2026:35839 Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
OESA-2026-2866 aom security update
The Alliance for Open Media’s focus is to deliver a next-generation video format that is: Security Fixes: An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows ...
OESA-2026-2864 aom security update
The Alliance for Open Media’s focus is to deliver a next-generation video format that is: Security Fixes: An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows ...
OESA-2026-2798 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...
SUSE-SU-2026:2759-1 Security update for apache2
This update for apache2 fixes the following issues - CVE-2026-29167: modldap per-dir use-after-free bsc1267976. - CVE-2026-29170: modproxyftp XSS bsc1267977. - CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer...
ALSA-2026:35839 Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
PT-2026-55578
Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description A heap buffer overflow exists in the Paint Shop Pro PSP file format parser. The issue occurs when the software incorrectly calculates buffer sizes while processing low bit-depth images, which...