EUVD-2025-34838

In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...

UBUNTU-CVE-2025-11896

In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...

CVE-2025-11896

CVE-2025-11896 affects Xpdf 4.05 and earlier, due to a PDF CMap object loop that can cause infinite recursion and a stack overflow. Public references in Fedora (xpdf 4.06 security update) and multiple SUSE/openSUSE advisories indicate the vulnerability is resolved by upgrading to a newer release ...

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in commons-lang3-3.17.0.jar (CVE-2025-48924)

Summary IBM Sterling Connect:Direct Web Services is affected by an uncontrolled recursion vulnerability in commons-lang3-3.17.0. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apac...

Xpdf 安全漏洞

Xpdf is a free PDF viewer and toolkit from Xpdf, including text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf 4.05 and earlier versions, which stems from a loop in the PDF object in CMap that leads to infinite recursion, potentially resulting in a...

AlmaLinux 9 : kernel (ALSA-2025:17760)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:17760 advisory. kernel: HID: core: Harden s32ton against conversion to 0 bits CVE-2025-38556 kernel: eventpoll: Fix semi-unbounded recursion CVE-2025-38614 kernel: ALSA:...

PT-2025-42549

Name of the Vulnerable Software and Affected Versions Xpdf versions prior to 4.06 Description A flaw exists in Xpdf versions 4.05 and earlier related to PDF object handling within CMap structures. Specifically, a loop in a CMap, triggered through the "UseCMap" entry, can result in infinite...

Oracle Linux 9 : kernel (ELSA-2025-17760)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-17760 advisory. - crypto: seqiv - Handle EBUSY correctly CKI Backport Bot RHEL-117232 CVE-2023-53373 - ALSA: usb-audio: Validate UAC3 power domain descriptors, too CK...

Libexpat: expat: improper restriction of xml entity expansion depth in libexpat

Libexpat contains a denial-of-service DoS vulnerability. A remote attacker could exploit this by chaining together an excessive number of general entities. Malicious use of this linear entity chain would subsequently result in uncontrolled recursion, leading to a stack overflow and crash...

CVE-2025-33096

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

ALSA-2025:17760 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: HID: core: Harden s32ton against conversion to 0 bits CVE-2025-38556 kernel: eventpoll: Fix semi-unbounded recursion CVE-2025-38614 kernel: ALSA: usb-audio: Validate UAC3 cluster segment...

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: HID: core: Harden s32ton against conversion to 0 bits CVE-2025-38556 kernel: eventpoll: Fix semi-unbounded recursion CVE-2025-38614 kernel: ALSA: usb-audio: Validate UAC3 cluster segment...

EUVD-2025-33895

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion...

CVE-2025-33096

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion...

CVE-2025-33096

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion...

CVE-2025-33096

IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1 are affected by CVE-2025-33096 due to an uncontrolled recursion when uploading specially crafted files, allowing an authenticated user on the network to cause a denial of service. The associated IBM Security Bulleti...

CVE-2025-33096 IBM Engineering Requirements Management Doors Next denial of service

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion...

IBM Engineering Requirements Management DOORS Next 安全漏洞

IBM Engineering Requirements Management DOORS Next is a scalable solution from International Business Machines IBM. The solution helps you capture, track, analyze, and manage systems and advanced IT application development. A security vulnerability exists in IBM Engineering Requirements Managemen...

PT-2025-41723

Name of the Vulnerable Software and Affected Versions IBM Engineering Requirements Management Doors Next versions 7.0.2 through 7.1 Description An authenticated user can cause a denial of service by uploading specially crafted files. This is due to uncontrolled recursion. Recommendations Update t...