CVE-2026-33666

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes / readString, the setBitPosition bounds check receives the overflowed value and is completely bypassed. The code then reads len bytes 512 MB fr...

EUVD-2026-25591

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error Denial of Service. This vulnerability is fixed in...

zserio 安全漏洞

Zserio is an open-source framework for efficiently serializing structured data by Navigation Data Standard e.V. Versions of Zserio prior to 2.18.1 contained a security vulnerability. This vulnerability stemmed from the ability of a specially crafted payload to forcibly allocate up to 16 GB of...

PT-2026-35054

Name of the Vulnerable Software and Affected Versions Zserio versions prior to 2.18.1 Description Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, leading ...