GHSA-QV7W-V773-3XQM sm-crypto Affected by Signature Malleability in SM2-DSA

Summary A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature. Credit This vulnerability was discovered by: - XlabAI Team of Tencent...

GHSA-PGX9-497M-6C4V sm-crypto Affected by Private Key Recovery in SM2-PKE

Summary A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto. By interacting with the SM2 decryption interface multiple times, an attacker can fully recover the private key within approximately several hundred interactions. Credit This vulnerability was discovered...

PT-2026-3894

Name of the Vulnerable Software and Affected Versions sm-crypto versions prior to 0.3.14 Description The sm-crypto library, providing JavaScript implementations of Chinese cryptographic algorithms SM2, SM3, and SM4, contains a signature malleability issue in its SM2 signature verification logic. ...

PT-2026-3893

Name of the Vulnerable Software and Affected Versions sm-crypto versions prior to 0.3.14 Description sm-crypto, a JavaScript library providing implementations of Chinese cryptographic algorithms SM2, SM3, and SM4, contains a flaw in the SM2 decryption logic. An attacker can recover the private ke...

openjpeg -- multiple vulnerabilities

Tencent's Xuanwu LAB reports: A Heap Buffer Overflow Out-of-Bounds Write issue was found in function opjdwtinterleavev of dwt.c. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenJPEG. An integer overflow issue exists in function...