11090 matches found

RedHat Linux
added 2026/03/09 1:35 a.m. | 2 views

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap-based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

CVSS 8.3 | AI score 5.9 | EPSS 0.00905
Exploits: 1 | References: 7
ATTACKERKB
added 2026/03/09 12:0 a.m. | 2 views

CVE-2025-69647

GNU Binutils through 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an...

AI score 5.8 | EPSS 0.00152
Exploits: 1 | References: 3
CVE
added 2026/03/09 12:0 a.m. | 12 views

CVE-2025-69648

CVE-2025-69648 affects GNU Binutils readelf (up to 2.45.1) and related mingw-binutils packages. The issue is a logic flaw in the DWARF parser when handling crafted binaries with malformed .debug_rnglists data, causing readelf to print the same warning in a loop and not make forward progress, resu...

CVSS 6.2 | AI score 6.2 | EPSS 0.00176
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/03/09 12:0 a.m. | 5 views

PT-2026-36050

Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.6.0 through 4.6.4; Wireshark versions 4.4.0 through 4.4.14. Description: An infinite loop in the SMB2 protocol dissector can lead to a denial of service. Recommendations: Update Wireshark versions 4.6.0 through 4.6.4 to a...

CVSS 7.8 | AI score 6 | EPSS 0.00206
Exploits: 23 | References: 102
Positive Technologies
added 2026/03/09 12:0 a.m. | 3 views

PT-2026-36073

Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.6.0 through 4.6.4. Description: A flaw in the DLMS/COSEM protocol dissector can lead to an infinite loop. Recommendations: Update Wireshark to a version later than 4.6.4...

CVSS 7.5 | AI score 6 | EPSS 0.00206
Exploits: 9 | References: 57
EUVD
added 2026/03/07 9:30 a.m. | 6 views

EUVD-2026-10138

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...

AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 2
NVD
added 2026/03/07 9:16 a.m. | 6 views

CVE-2026-2219

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...

CVSS 7.5 | EPSS 0.00418
Exploits: 0 | References: 2
OSV
added 2026/03/07 9:16 a.m. | 4 views

ALPINE-CVE-2026-2219

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...

CVSS 7.5 | AI score 5.4 | EPSS 0.00418
Exploits: 0 | References: 1
OSV
added 2026/03/07 9:16 a.m. | 4 views

AZL-79509 CVE-2026-2219 affecting package dpkg 1.20.10-1

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...

CVSS 7.5 | AI score 5.7 | EPSS 0.00418
Exploits: 0 | References: 1
CVE
added 2026/03/07 8:10 a.m. | 69 views

CVE-2026-2219

CVE-2026-2219 affects dpkg-deb in dpkg, where improper validation of the end of the data stream during uncompression of zstd-compressed .deb archives can lead to a denial-of-service (infinite CPU loop). Public records from OSV and OSV-derived advisories confirm patches exist in multiple distribut...

CVSS 7.5 | AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 2 | Affected Software: 1
AlpineLinux
added 2026/03/07 8:10 a.m. | 8 views

CVE-2026-2219

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)...

CVSS 7.5 | AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/07 12:0 a.m. | 3 views

PT-2026-23848

Name of the Vulnerable Software and Affected Versions: dpkg-deb (affected versions not specified). Description: The dpkg-deb component of the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive. This can lead to a...

CVSS 7.5 | AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 30
OSV
added 2026/03/06 9:1 p.m. | 5 views

OPENSUSE-SU-2026:20333-1 Security update for python-PyPDF2

This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2:
- CVE-2026-27628: Fixed infinite loop when loading circular /Prev entries in cross-reference streams (bsc#1258940)
- CVE-2026-27888: Fixed issue where manipulated FlateDecode XFA streams can exhaust RAM (bsc#1258934)
- ...

CVSS 8.7 | AI score 5.8 | EPSS 0.00408
Exploits: 1 | References: 12
NVD
added 2026/03/06 6:16 p.m. | 3 views

CVE-2025-69644

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless...

CVSS 5 | EPSS 0.00126
Exploits: 0 | References: 2
OSV
added 2026/03/06 3:26 p.m. | 6 views

CLSA-2026-1772810768 python3: Fix of CVE-2025-8194

CVE-2025-8194: tarfile: validate archives to ensure non-negative member offsets to prevent infinite loop and resource exhaustion...

CVSS 7.5 | AI score 7.1 | EPSS 0.00586
Exploits: 0 | References: 1
Amazon
added 2026/03/06 12:0 a.m. | 2 views

Medium: libpng

Issue Overview: libpng: An out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to...

CVSS 8.3 | AI score 5.9 | EPSS 0.00905
Exploits: 1
SUSE Linux
added 2026/03/05 9:51 a.m. | 5 views

Security update for wireshark

This update for wireshark fixes the following issues: CVE-2025-13946: MEGACO dissector infinite loop (bsc#1254472). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for...

CVSS 5.5 | AI score 5.9 | EPSS 0.00124
Exploits: 1 | References: 4
OSV
added 2026/03/05 9:51 a.m. | 3 views

SUSE-SU-2026:0817-1 Security update for wireshark

This update for wireshark fixes the following issues:
- CVE-2025-13946: MEGACO dissector infinite loop (bsc#1254472)...

CVSS 5.5 | AI score 5.9 | EPSS 0.00124
Exploits: 1 | References: 3
Tenable Nessus
added 2026/03/05 12:0 a.m. | 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005654 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed Following process will trigger...

CVSS 5.5 | AI score 5.9 | EPSS 0.00139
Exploits: 0 | References: 4
Tenable Nessus
added 2026/03/05 12:0 a.m. | 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : zlib (SUSE-SU-2026:0783-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0783-1 advisory. This update for zlib fixes the following issue:
- CVE-2026-27171: Fixed infinite loop via the...

CVSS 5.5 | AI score 5.9 | EPSS 0.00204
Exploits: 1 | References: 4