CVE-2026-44216

A flaw was found in Wasmtime, a runtime for WebAssembly. A remote attacker could exploit an arithmetic overflow vulnerability by instantiating a WebAssembly module or component that attempts to allocate an extremely large table using the WebAssembly memory64 proposal. This flaw causes Wasmtime to...

Medium: oci-add-hooks

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

FreeBSD : dash -- arith: INTMAX_MIN / -1 overflow (ab2258a2-4cea-11f1-aec8-bc241107513d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ab2258a2-4cea-11f1-aec8-bc241107513d advisory. https://git.kernel.org/pub/scm/utils/dash/dash.git/commit/?id=0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bnxt: Overflow is avoided in bnxtgetnvramdirectory. The value of an arithmetic expression may be subject to overflow due to a failure to cast the operands to a larger data type before performing arithmetic operations. A macro was...

Medium: golist

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Medium: golist

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Important: docker

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Ubuntu 16.04 LTS / 18.04 LTS : GStreamer Bad Plugins vulnerabilities (USN-8205-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8205-1 advisory. It was discovered that multiple plugins in GStreamer contained arithmetic overflows. An attacker could possibly use this issue to cause...

USN-8205-1: GStreamer Bad Plugins vulnerabilities

It was discovered that multiple plugins in GStreamer contained arithmetic overflows. An attacker could possibly use this issue to cause applications using the plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-37329, CVE-2023-40474, CVE-2023-40475,...

dash -- arith: INTMAX_MIN / -1 overflow

https://git.kernel.org/pub/scm/utils/dash/dash.git/commit/?id=0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3 reports: Division and remainder currently guard against division by zero, but not against the signed overflow case INTMAXMIN / -1. On affected systems this can trigger SIGFPE during arithmetic...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from incorrect checking of arithmetic underflow or overflow when are processed. This...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow bsc1259447...

CVE-2026-31814

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...

UBUNTU-CVE-2026-31814

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...

CVE-2026-31814 Yamux remote Panic via malformed WindowUpdate credit

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...

CVE-2026-31814

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...

Yamux 输入验证错误漏洞

Yamux is a multiplexer developed under the open-source Libp2p project in the United States. Versions of Yamux from 0.13.0 to 0.13.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from a specially crafted WindowUpdate that could cause an arithmetic overflo...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in WriteXWDImage, when writing an extremely large image, due to an arithmetic overflow in the calculation of bytesperline. Remediation A fix was pushed into the master branch but not yet published. References ...

📄 Samsung Quram DNG Heap Corruption

Samsung devices utilize Quram's DNG decoder. A malformed ScalePerColumn opcode with oversized areaSpec and extreme pitches leads to arithmetic overflow in the per-column scaling loop. After allocation miscalculation, subsequent writes corrupt heap structures. Carefully crafted payloads enable...