1761 matches found
Astra Linux – Vulnerability in Raptor2
A malformed input file can lead to a segfault due to an out of bounds array access in raptorxmlwriterstartelementcommon...
Astra Linux – Vulnerability in Nasm
In Netwide Assembler NASM 2.15rc10, the SEGV condition can be triggered in toktext within asm/preproc.c by accessing the READ memory...
Linux Distros Unpatched Vulnerability : CVE-2026-43312
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: i2c: ov5647: Initialize subdev before controls In ov5647initcontrols we call v4l2getsubdevdata, but it is initialized by v4l2i2csubdevinit in the probe,...
CVE-2026-32738
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...
CVE-2026-32738
libheif (versions
CLSA-2026-1778933151 Fix CVE(s): CVE-2025-11082, CVE-2025-5244, CVE-2025-5245
SECURITY UPDATE: memory corruption in ld via fuzzed object - debian/patches/CVE-2025-5244.patch: check for empty groups in elfgcsweep to prevent NULL pointer dereference - CVE-2025-5244 SECURITY UPDATE: SEGV in objdump function debugtypesamep - debian/patches/CVE-2025-5245.patch: handle NULL...
CVE-2026-43996
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decodepixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4...
CVE-2026-43896
jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...
CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge
jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...
EUVD-2026-29174
jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...
CVE-2026-43896
jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...
CVE-2026-43896
CVE-2026-43896 (jq) : In jq versions 1.8.1 and earlier, unbounded recursion in the function jv_object_merge_recursive() can cause a crafted jq program to crash the process with a segfault when using the object operator (*) on two objects. Affected component is the jq JSON processor; the vulnerabi...
CVE-2026-43896
jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...
CVE-2026-5172
A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...
UBUNTU-CVE-2026-5172
A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...
Linux Distros Unpatched Vulnerability : CVE-2026-43896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a...
CVE-2026-7568
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...
Unity Linux 20.1070e Security Update: gstreamer1-plugins-good (UTSA-2026-017386)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017386 advisory. DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemuxinflate function which causes a segfault, or could...
EUVD-2026-28582
In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Initialize subdev before controls In ov5647initcontrols we call v4l2getsubdevdata, but it is initialized by v4l2i2csubdevinit in the probe, which currently happens after initcontrols. This can result in a...
CVE-2026-43312
In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Initialize subdev before controls In ov5647initcontrols we call v4l2getsubdevdata, but it is initialized by v4l2i2csubdevinit in the probe, which currently happens after initcontrols. This can result in a...