Lucene search
K

367 matches found

OSV
OSV
added 2 days ago5 views

BIT-PYTHON-MIN-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References54
OSV
OSV
added 2 days ago2 views

BIT-LIBPYTHON-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References54
OSV
OSV
added 2026/06/26 9:13 a.m.3 views

OPENSUSE-SU-2026:21071-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues Security issues: - CVE-2026-42050: Stack buffer overflow in XTileImage bsc1265048. - CVE-2026-42326: Information disclosure via malicious IPTC input file bsc1268092. - CVE-2026-45031: Denial of Service due to resource policy bypass in PSD...

9.1CVSS6.5AI score0.01849EPSS
Exploits4References64
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

SUSE SLED15: ImageMagick / ImageMagick-config-7-SUSE / etc (SUSE-SU-2026:2580-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2580-1 advisory. This update for ImageMagick fixes the following issues This update for ImageMagick fixes the following issues ...

7.5CVSS6.1AI score0.01849EPSS
Exploits4References88
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.17 views

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1826)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1826 advisory. When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. as per:...

7.5CVSS6.7AI score0.01849EPSS
Exploits4References32
RedHat Linux
RedHat Linux
added 2026/06/16 7:53 a.m.7 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6.3AI score0.00579EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.8 views

EulerOS Virtualization 2.13.0 : xz (EulerOS-SA-2026-2422)

According to the versions of the xz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was us...

6.3CVSS5.8AI score0.00351EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 11:16 p.m.9 views

CVE-2026-46521

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...

5.5CVSS0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 9:40 p.m.38 views

CVE-2026-46521 ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...

5.5CVSS0.00111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 9:40 p.m.7 views

CVE-2026-46521 ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:40 p.m.10 views

EUVD-2026-36171

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 9:40 p.m.26 views

CVE-2026-46521

CVE-2026-46521 affects ImageMagick: a heap buffer over-write in the MIFF encoder when using LZMA compression due to a missing check. Exploitation is local with low complexity and requires user interaction, potentially impacting availability. A patch is available: fixed in ImageMagick versions 6.9...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.11 views

EulerOS 2.0 SP13 : xz (EulerOS-SA-2026-2319)

According to the versions of the xz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an...

6.3CVSS5.8AI score0.00351EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.8 views

EulerOS 2.0 SP13 : xz (EulerOS-SA-2026-2362)

According to the versions of the xz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an...

6.3CVSS5.8AI score0.00351EPSS
Exploits0References2
Rosalinux
Rosalinux
added 2026/06/01 12:39 p.m.15 views

Advisory ROSA-SA-2026-3313

Component: xz 5.2.9 OS: ROSA-CHROME Unaffected versions: = xz-5.2.9-2 Affected versions: xz-5.2.9-2 CVE-ID: CVE-2026-34743 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: The buffer overflow vulnerability in XZ Utils allows an attacker to cause memory corruption by using the lzmaindexdecoder...

6.3CVSS6AI score0.00351EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/05/29 3:32 p.m.10 views

Security update for xz

This update for xz fixes the following issue CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...

7.5CVSS5.9AI score0.00351EPSS
Exploits0References4
OSV
OSV
added 2026/05/29 3:32 p.m.7 views

SUSE-SU-2026:2118-1 Security update for xz

This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280...

6.3CVSS6AI score0.00351EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.12 views

openSUSE 16 Security Update : xz (openSUSE-SU-2026:20813-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20813-1 advisory. This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280. Tenable has extracted the preceding...

6.3CVSS6AI score0.00351EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/28 12:0 a.m.10 views

Security update for xz (important)

openSUSE security update: security update for xz ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20813-1 Rating: important References: bsc1261280 Cross-References: CVE-2026-34743 CVSS scores: CVE-2026-34743 SUSE : 7.4...

7.5CVSS6AI score0.00351EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.11 views

SUSE SLES12 Security Update : xz (SUSE-SU-2026:2052-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2052-1 advisory. This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280. Tenable has extracted the preceding...

6.3CVSS6AI score0.00351EPSS
Exploits0References4
Rows per page
Query Builder