OSV-2026-815 Heap-buffer-overflow in ihevcd_sao_shift_ctb
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516422427 Crash type: Heap-buffer-overflow READ 1 Crash state: ihevcdsaoshiftctb ihevcdprocess ihevcdparseslicedata...
OSV-2026-812 Heap-buffer-overflow in ihevcd_fmt_conv_422sp_to_420p
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516319578 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcdfmtconv422spto420p ihevcdfmtconv ihevcddecode...
OSV-2026-807 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515650237 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...
OSV-2026-805 Heap-buffer-overflow in ihevcd_fmt_conv
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515832483 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcdfmtconv ihevcddecode ihevcdcxaapifunction...
PT-2026-45894
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515832483 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd fmt conv ihevcd decode ihevcd cxa api function...
OSV-2026-798 Heap-use-after-free in ReplaceDEFNode
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515134929 Crash type: Heap-use-after-free READ 8 Crash state: ReplaceDEFNode gfsgreset gfsgdel...
OSV-2026-795 Stack-buffer-underflow in probe_dasd_pt
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=514896889 Crash type: Stack-buffer-underflow READ 1 Crash state: probedasdpt idinfoprobe partitionsprobe...
OSV-2026-785 Heap-double-free in _dwarf_load_elf_symtab_symbols
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=514753154 Crash type: Heap-double-free Crash state: dwarfloadelfsymtabsymbols dwarfelfnlsetup dwarfinitpathdla...
FuzzingBrain V2: A Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction
Software vulnerabilities pose critical security threats, with nearly 50,000 CVEs reported in 2025. While Large Language Models (LLMs) show promise for automated vulnerability detection, three key challenges remain. First, LLM-generated vulnerability reports suffer from high false positive rates and...
OSV-2026-777 Heap-buffer-overflow in md_is_link_title
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=514122612 Crash type: Heap-buffer-overflow READ 1 Crash state: mdislinktitle mdanalyzeinlines mdprocessnormalblockcontents...
OSV-2024-1464 Use-of-uninitialized-value in Splash::compositeBackground
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513891492 Crash type: Use-of-uninitialized-value Crash state: Splash::compositeBackground SplashOutputDev::setSoftMask Gfx::doSoftMask...
OSV-2026-765 Heap-use-after-free in gf_node_get_id
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513783541 Crash type: Heap-use-after-free READ 8 Crash state: gfnodegetid lsrreadcommandlist lsrdecodelaserunit...
OSV-2026-760 Heap-buffer-overflow in md_decode_utf8__
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513677122 Crash type: Heap-buffer-overflow READ 1 Crash state: mddecodeutf8 mdskipunicodewhitespace mdlinklabelhash...
OSV-2026-733 Use-of-uninitialized-value in JBIG2Stream::readSymbolDictSeg
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512468082 Crash type: Use-of-uninitialized-value Crash state: JBIG2Stream::readSymbolDictSeg JBIG2Stream::readSegments JBIG2Stream::rewind...
OSV-2026-727 Global-buffer-overflow in md_start_new_block
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512429152 Crash type: Global-buffer-overflow READ 4 Crash state: mdstartnewblock mdparse mdhtml...
OSV-2026-717 Stack-use-after-scope in enter_block_callback
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=511831392 Crash type: Stack-use-after-scope READ 4 Crash state: enterblockcallback mdprocessallblocks mdparse...
OSV-2026-712 Heap-buffer-overflow in Mat_VarGetCellsLinear
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=511531637 Crash type: Heap-buffer-overflow READ 8 Crash state: MatVarGetCellsLinear matiostructcellfuzzer.cpp...
OSV-2026-703 Heap-use-after-free in js_atomics_op
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=510792185 Crash type: Heap-use-after-free WRITE 4 Crash state: jsatomicsop jscallcfunction JSCallInternal...
OSV-2026-696 Use-of-uninitialized-value in JXRHandler::read
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=510577322 Crash type: Use-of-uninitialized-value Crash state: JXRHandler::read kimgiofuzzer.cc interceptormalloc...
Astra Linux - vulnerability in jq
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow error occurs in the jv_string_vfmt function within the jq_fuzz_execute harness from oss-fuzz. This error happens at line 1456 of the jv.c file: `void* p = malloc(sz);`. As of the time of publication, no patch...