CLSA-2026-1777546646 gdk-pixbuf2: Fix of CVE-2026-5201

CVE-2026-5201: jpeg loader rejects unsupported component counts in the non-incremental code path...

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India

In December 2025, we detected a wave of malicious emails designed to look like official correspondence from the Indian tax service. A few weeks later, in January 2026, a similar campaign began targeting Russian organizations. We have attributed this activity to the Silver Fox threat group. Both...

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

Amazon Linux 2 : LibRaw, --advisory ALAS2-2026-3255 (ALAS-2026-3255)

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3255 advisory. A heap-based buffer overflow vulnerability exists in the x3fthumbloader functionality of LibRaw Commit d20315b. A speciall...

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1600)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1600 advisory. The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.aud...

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, Onapsis, OX Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calli...

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

MAL-2026-3153 Malicious code in apple-infra-final-escape (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

PT-2026-36113

Name of the Vulnerable Software and Affected Versions i18next-http-middleware versions prior to 3.9.3 Description The software passes user-controlled lng and ns values from the getResourcesHandler function directly into i18next.services.backendConnector.loadlanguages, namespaces, … without...

CLSA-2026-1777397602 gimp: Fix of CVE-2026-4887

CVE-2026-4887 fix heap buffer over-read in PCX file loader by adding bpp validation, tolerating off-by-one bytesperline values, and allocating one extra byte for line buffers...

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

cpython: CPython: Logging Bypass in Legacy .pyc File Handling

A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...

JLSEC-2026-192

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be...

JLSEC-2026-191

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFileQuake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attac...

JLSEC-2026-193

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function HL1MDLLoader::validateheader of the file assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to out-of-bounds read. An...