197 matches found

OSV
added 2026/04/06 5:51 p.m. | 1 view

GHSA-3H9H-QFVW-98HQ OpenEXR Makes Use of Uninitialized Memory

Summary: While fuzzing openexr_exrcheck_fuzzer, Valgrind reports a conditional branch depending on uninitialized data inside generic_unpack. This indicates a use of uninitialized memory (CWE-457). The issue is reproducible with the current OSS-Fuzz harness and a single-file PoC. Details: Environment: -...

CVSS 7.5 | AI score 7.2 | EPSS 0.00114
Exploits: 1 | References: 8

Github Security Blog
added 2026/04/06 5:51 p.m. | 3 views

OpenEXR Makes Use of Uninitialized Memory

Summary: While fuzzing openexr_exrcheck_fuzzer, Valgrind reports a conditional branch depending on uninitialized data inside generic_unpack. This indicates a use of uninitialized memory (CWE-457). The issue is reproducible with the current OSS-Fuzz harness and a single-file PoC. Details: Environment: -...

CVSS 7.5 | AI score 6 | EPSS 0.00114
Exploits: 1 | References: 8 | Affected Software: 1

OSV
added 2026/02/24 3:30 p.m. | 5 views

GHSA-GXCX-QJQP-8VJW ImageMagick has memory leak in msl encoder

Memory leak exists in coders/msl.c. In the WriteMSLImage function of the msl.c file, resources are allocated, but the function returns early without releasing these allocated resources. ==78983== Memcheck, a memory error detector ==78983== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et...

CVSS 5.3 | AI score 5.5 | EPSS 0.0002
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/16 12:00 a.m. | 4 views

MiracleLinux 4 : curl-7.19.7-46.AXS4 (AXSA:2015-432:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-432:02 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is...

CVSS 5 | AI score 7.5 | EPSS 0.04659
Exploits: 1 | References: 6

Cvelist
added 2025/11/10 9:23 p.m. | 8 views

CVE-2025-64181 OpenEXR Makes Use of Uninitialized Memory

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexr_exrcheck_fuzzer, Valgrind reports a conditional branch depending on...

CVSS 5.1 | EPSS 0.00114
Exploits: 1 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-4844

Malware in sbrugna...

CVSS 7.2 | AI score 6.1 | EPSS 0.00145
Exploits: 0 | References: 11

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2022-3383

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.6 | EPSS 0.00233
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2022-5840

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.9 | EPSS 0.00168
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/22 3:53 p.m. | 7 views

CVE-2020-2245

Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 7.1 | AI score 6.7 | EPSS 0.00168
Exploits: 0

RedhatCVE
added 2025/05/22 3:20 p.m. | 7 views

CVE-2020-2246

Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents...

CVSS 5.4 | AI score 5.5 | EPSS 0.00233
Exploits: 0

Rockylinux
added 2025/05/07 7:11 p.m. | 6 views

valgrind bug fix update

An update is available for valgrind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The valgrind packages provide the Valgrind programming tool that helps detec...

AI score 7.4
Exploits: 0

Rockylinux
added 2025/05/07 7:11 p.m. | 2 views

valgrind bug fix and enhancement update

An update is available for valgrind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.1...

AI score 6.8
Exploits: 0

Rockylinux
added 2025/03/17 8:16 p.m. | 9 views

valgrind bug fix and enhancement update

An update is available for valgrind. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.5...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2025/03/03 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2008-4865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current...

CVSS 7.2 | AI score 6 | EPSS 0.00145
Exploits: 0 | References: 2

Packet Storm
added 2025/02/14 12:00 a.m. | 344 views

Using Valgrind on Chrome

Brief script that demonstrates running valgrind and afl-fuzz on Google Chrome. This favorite code for security auditing and memory leak detection with Valgrind runs the Valgrind tool and several other tools to check for memory leaks, which can lead to resource buffer overflows and more. Exploit /...

AI score 7.3
Exploits: 0

OSV
added 2024/09/15 6:12 p.m. | 10 views

RHEA-2010:0272 Red Hat Enhancement Advisory: valgrind bug fix and enhancement update

Bulletin has no description...

CVSS 7.2 | AI score 6.1 | EPSS 0.00145
Exploits: 0 | References: 8

OSV
added 2024/06/15 12:00 a.m. | 18 views

OPENSUSE-SU-2024:12058-1 valgrind-3.19.0-3.1 on GA media

These are all security issues fixed in the valgrind-3.19.0-3.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 7.6 | EPSS 0.0176
Exploits: 0 | References: 1

OSV
added 2024/06/15 12:00 a.m. | 9 views

OPENSUSE-SU-2024:11492-1 valgrind-3.17.0-2.3 on GA media

These are all security issues fixed in the valgrind-3.17.0-2.3 package on the GA media of openSUSE Tumbleweed...

CVSS 7.2 | AI score 6.2 | EPSS 0.00145
Exploits: 0 | References: 1

Tenable Nessus
added 2024/06/03 12:00 a.m. | 12 views

RHEL 4 : valgrind (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - valgrind: .valgrindrc loaded from untrusted locations (CVE-2008-4865). Note that Nessus has not tested for this issue...

CVSS 7.2 | AI score 6.6 | EPSS 0.00145
Exploits: 0 | References: 1

Securelist
added 2024/04/12 8:00 a.m. | 63 views

XZ backdoor story – Initial analysis

On March 29, 2024, a single message on the Openwall OSS-security mailing list marked an important discovery for the information security, open source and Linux communities: the discovery of a malicious backdoor in XZ. XZ is a compression utility integrated into many popular distributions of Linux...

CVSS 7.5 | AI score 9.3 | EPSS 0.85058
Exploits: 38