CVE-2025-8836

CVE-2025-8836 affects JasPer up to 4.2.5, where manipulation in jpc_floorlog2 (src/libjasper/jpc/jpc_enc.c - JPC Encoder) can trigger a reachable assertion. Exploitation is described as local; public exploit guidance exists. Remediation is available via patches, e.g., upgrade to JasPer 4.2.8 (ope...

CVE-2025-8835

A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jasimagechclrspc of the file src/libjasper/base/jasimage.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack...

CVE-2025-8835

CVE-2025-8835 (and related CVEs 8836, 8837) affects JasPer up to version 4.2.5. The vulnerability lies in jas_image_chclrspc in src/libjasper/base/jas_image.c, causing a null pointer dereference with local attack vector. Open advisories show the same root cause across multiple distributions (SUSE...

CVE-2025-8745

A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.ricepo.app. The manipulation leads to improper export of android application components. An...

PT-2025-32530

Name of the Vulnerable Software and Affected Versions: JasPer versions up to 4.2.5 Description: A use-after-free vulnerability exists in JasPer up to version 4.2.5. The issue affects the jpc dec dump function within the JPEG2000 File Handler component, located in the file src/libjasper/jpc/jpc...

PT-2025-32528

Name of the Vulnerable Software and Affected Versions: JasPer versions up to 4.2.5 Description: A vulnerability exists in JasPer up to version 4.2.5, specifically within the JPEG2000 Encoder component. The issue resides in the jpc floorlog2 function located in the src/libjasper/jpc/jpc enc.c file...

Linux Distros Unpatched Vulnerability : CVE-2025-6490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function...

Linux Distros Unpatched Vulnerability : CVE-2025-3549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function...

CVE-2025-8745 Weee RICEPO App com.ricepo.app AndroidManifest.xml improper export of android application components

A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.ricepo.app. The manipulation leads to improper export of android application components. An...

Linux Distros Unpatched Vulnerability : CVE-2025-2913

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FLblkgclist of the file src/H5FL.c. The...

Linux Distros Unpatched Vulnerability : CVE-2025-3548

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set...

Linux Distros Unpatched Vulnerability : CVE-2025-7546

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the...

Linux Distros Unpatched Vulnerability : CVE-2025-2926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. T...

CVE-2025-8735

A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to th...

CVE-2025-8735 GNU cflow Lexer c.c yylex null pointer dereference

A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to th...

CVE-2025-8735

A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to th...

CVE-2025-8734

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison...

CVE-2025-8733

A flaw has been found in GNU Bison up to 3.8.2. This affects the function obstackvprintfinternal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may be used. It is still unclear if this...

CVE-2025-8734

A vulnerability has been found in GNU Bison up to 3.8.2. This impacts the function codefree of the file src/scan-code.c. The manipulation leads to double free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The actual existence of this...

DEBIAN-CVE-2025-8734

Bulletin has no description...