Important: mingw-libtiff security update

The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed an issue of signed integer overflow in l2tpip6sendmsg. When len = INTMAX - transhdrlen, the value of ulen = len + transhdrlen will cause an overflow. To address this issue, we can follow the approach used by udpv6 and...

Astra Linux – Vulnerability in libsndfile

Multiple signed integer overflows occur in the aureadheader function in src/au.c, as well as in the mat4open and mat4readheader functions in src/mat4.c within Libsndfile. This vulnerability allows an attacker to cause a Denial of Service or other unspecified impacts...

RHEL 10 : libtiff (RHSA-2026:12265)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:12265 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitra...

RHEL 9 : libtiff (RHSA-2026:12271)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:12271 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrar...

AlmaLinux 10 : libtiff (ALSA-2026:12265)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:12265 advisory. libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 Tenable has extracted the...

libtiff security update

An update is available for libtiff. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libtiff packages contain a library of functions for manipulating Tagged...

SUSE CVE-2010-4713

Integer signedness error in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header...

Oracle Linux 10 : libtiff (ELSA-2026-12265)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-12265 advisory. 4.6.0-6.3 - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile RHEL-159309 Tenable has extracted the preceding description block directly...

libtiff security update

4.6.0-6.3 - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile RHEL-159309...

Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1612)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1612 advisory. OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds...

Important: openexr

Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signe...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013615)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013615 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcpaddbacklog The type of skrcvbuf and sksndbuf in stru...

PT-2026-34009

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode signed32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set value ≥ 0x80, the left-shift...

JLSEC-2026-155

In libass 0.14.0, the assoutlineconstruct's call to outlinestroke causes a signed integer overflow...

CVE-2026-41445

KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kissfftndralloc function in kissfftndr.c where the allocation size calculation dimOtherdimReal+2sizeofkissfftscalar overflows signed 32-bit integer arithmetic before being widened to sizet, causing malloc to allocate ...

PT-2026-33804

Name of the Vulnerable Software and Affected Versions KissFFT versions prior to commit 8a8e66e Description An integer overflow occurs in the kiss fftndr alloc function within kiss fftndr.c. The allocation size calculation dimOtherdimReal+2sizeofkiss fft scalar overflows signed 32-bit integer...

CLSA-2026-1776354546 jq: Fix of CVE-2024-23337

CVE-2024-23337: fix signed integer overflow in jvparraywrite and jvpobjectrehash that could lead to SEGV on growing arrays and objects...

EUVD-2026-23098

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

CVE-2026-6385

FFmpeg vulnerability CVE-2026-6385: a signed integer overflow in the DVD subtitle parser’s fragment reassembly bounds checks can cause a heap out-of-bounds write when processing specially crafted MPEG-PS/VOB media with a malicious DVD subtitle stream. Impact includes denial of service via applica...