51 matches found
CVE-2025-71329
A flaw was found in image-size. A remote attacker can exploit this vulnerability by providing a specially crafted image buffer that contains a zero-valued size field within a recognized box-type. This malicious input can trigger an infinite loop in the JXL or HEIF image parsers, leading to a...
CVE-2026-9538
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. readtar reads each entry's payload with $handle-read$$data, $block, where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that...
CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. readtar reads each entry's payload with $handle-read$$data, $block, where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that...
CVE-2026-9538
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. readtar reads each entry's payload with $handle-read$$data, $block, where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that...
EUVD-2026-31775
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. readtar reads each entry's payload with $handle-read$$data, $block, where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that...
CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. readtar reads each entry's payload with $handle-read$$data, $block, where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that...
CVE-2026-9538
CVE-2026-9538 affects Archive::Tar prior to 3.10 for Perl. A crafted tar header can set a multi‑gigabyte size, causing _read_tar() to allocate a scalar of that size, leading to memory exhaustion. The vulnerability arises from reading entry payloads with a size block derived from the header withou...
PT-2026-43166
Name of the Vulnerable Software and Affected Versions Archive::Tar versions prior to 3.10 Description Archive::Tar for Perl allows memory exhaustion when processing a tar header with an attacker-controlled entry size field. The read tar function reads each entry's payload using $handle-read$$data...
PT-2026-43221
Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...
CVE-2026-35602
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...
CVE-2026-35602
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...
CVE-2026-35602 Vikunja has a File Size Limit Bypass via Vikunja Import
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...
CVE-2026-35602 Vikunja has a File Size Limit Bypass via Vikunja Import
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...
GHSA-QH78-RVG3-CV54 Vikunja has File Size Limit Bypass via Vikunja Import
Summary The Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries ...
Vikunja has File Size Limit Bypass via Vikunja Import
Summary The Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries ...
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the Size field in JSON metadata at the file import endpoint for size checks, rather than the actual...
CVE-2026-23235
CVE-2026-23235 (Linux kernel, f2fs) is a local, in-kernel vulnerability where certain f2fs sysfs attributes permit out-of-bounds memory access and misinterpretation of integer sizes. The root causes are: __sbi_store() and f2fs_sbi_show() incorrectly treat all default values as unsigned int, causi...
CVE-2025-68726
In the Linux kernel, the following vulnerability has been resolved: crypto: aead - Fix reqsize handling Commit afddce13ce81d "crypto: api - Add reqsize to cryptoalg" introduced crareqsize field in cryptoalg struct to replace type specific reqsize fields. It looks like this was introduced...
UBUNTU-CVE-2025-68726
In the Linux kernel, the following vulnerability has been resolved: crypto: aead - Fix reqsize handling Commit afddce13ce81d "crypto: api - Add reqsize to cryptoalg" introduced crareqsize field in cryptoalg struct to replace type specific reqsize fields. It looks like this was introduced...
CVE-2025-68343
In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: check actuallength before accessing header The driver expects to receive a struct gshostframe in gsusbreceivebulkcallback. Use structgroup to describe the header of the struct gshostframe and...