306 matches found
Astra Linux – Vulnerability in exiv2
In Exiv2 0.27.99.0, the PngImage::readMetadata function in the pngimage.cpp file allows attackers to cause a denial of service heap-based buffer over-read through a crafted image file...
Astra Linux – Vulnerability in libstb
stbimage.h also known as the stb image loader version 2.23 has a heap-based buffer overflow issue in stbitgaload, which can lead to information disclosure or denial of service...
Astra Linux – Vulnerability in gst-plugins-good1.0
In GStreamer through 1.26.1, the isomp4 plugin’s qtdemuxparsetrak function may read past the end of a heap buffer while parsing an MP4 file, potentially leading to information disclosure...
CVE-2026-45696 OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)
OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...
Heap Buffer Over-read in ASN.1 Content Parsing
...
SUSE CVE-2026-45359
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...
CVE-2026-45359 ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...
DEBIAN-CVE-2026-11787
A flaw was found in 389 Directory Server. The ldaputf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior...
CVE-2026-11787
The CVE-2026-11787 entry concerns 389 Directory Server (389-ds-base). A heap buffer over-read occurs in the ldap_utf8prev() function when reading bytes before the start of a buffer during string filter parsing (via str2simple), which may influence internal filter processing behavior. Documented i...
CVE-2026-43916
pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...
OESA-2026-2463 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
AlmaLinux 9 : httpd (ALSA-2026:21391)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21391 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due ...
SUSE SLES16 Security Update : nginx (SUSE-SU-2026:21832-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21832-1 advisory. This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the...
ImageMagick < 6.9.13-48 / 7.x < 7.1.2-22 Vulnerability
The remote host has a version of ImageMagick installed that is prior to 6.9.13-48 or 7.x prior 7.1.2-22. It is, therefore, affected by a vulnerability. â An invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation...
Security update for apache2
This update for apache2 fixes the following issues CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163...
CVE-2026-42627
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...
PT-2026-47117
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read...
OESA-2026-2388 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
GHSA-6GXQ-F64P-5W6F ImageMagick: Heap Buffer Over-Read in distributed pixel cache server
An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process...
ImageMagick: Heap Buffer Over-Read in distributed pixel cache server
An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process...