CVE-2026-33666

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes / readString, the setBitPosition bounds check receives the overflowed value and is completely bypassed. The code then reads len bytes 512 MB fr...

EUVD-2026-25591

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error Denial of Service. This vulnerability is fixed in...

PT-2026-35054

Name of the Vulnerable Software and Affected Versions Zserio versions prior to 2.18.1 Description Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, leading ...

zserio 安全漏洞

Zserio is an open-source framework for efficiently serializing structured data by Navigation Data Standard e.V. Versions of Zserio prior to 2.18.1 contained a security vulnerability. This vulnerability stemmed from the ability of a specially crafted payload to forcibly allocate up to 16 GB of...