fontforge: FontForge: Remote Code Execution via malicious SFD file parsing

A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the losslessjpegloadraw function. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted file. Remediation Upgrade libraw to version 0.22.1 or higher...

GO-2026-4789 Packetbeat does not properly validate an array index in multiple protocol parser components in github.com/elastic/beats

Packetbeat does not properly validate an array index in multiple protocol parser components in github.com/elastic/beats...

LibRaw lossless_jpeg_load_raw heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2331 LibRaw losslessjpegloadraw heap-based buffer overflow vulnerability April 7, 2026 CVE Number CVE-2026-21413 SUMMARY A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality of LibRaw Commit 0b56545 and Commit d20315b. A...

Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of...

CVE-2026-26933

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation Upgrade...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the EncodeGroupId function when processing a malformed group-id-list parameter. An attacker can cause the application to panic and terminate unexpectedly by supplying specially crafted input...

EUVD-2026-13142

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in protocol parser components. An attacker can cause the application to crash or exhaust resources by sending specially crafted, malformed network packets to a monitored network interface. Note: This i...

CVE-2026-26933

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

CVE-2026-26933 Improper Validation of Array Index in Packetbeat Leading to Denial of Service

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

CVE-2026-26933 Improper Validation of Array Index in Packetbeat Leading to Denial of Service

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

PT-2026-26323

Name of the Vulnerable Software and Affected Versions Packetbeat affected versions not specified Description An improper validation of array index can lead to a denial of service through input data manipulation. An attacker positioned on the same network segment as the Packetbeat deployment, or...

CVE-2026-26932 Improper Validation of Array Index in Packetbeat Leading to Denial of Service

Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

CVE-2026-26932

Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

Elastic Packetbeat 安全漏洞

Elastic Packetbeat is a data collector developed by the Dutch company Elastic. There is a security vulnerability in Elastic Packetbeat, which stems from improper array index validation in the PostgreSQL protocol parser. This vulnerability could allow attackers to trigger a Go runtime crash by...

Improper Validation of Array Index

Overview github.com/gofiber/fiber/v3 is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Improper Validation of Array Index via the route registration process. An attacker can cause the application to crash by sending requests to routes containi...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the AMF process. An attacker can cause the service to crash and disrupt network operations by sending a specially crafted NAS Registration Request containing a malformed 5GS Mobile Identity...

Amazon Linux 2 : fontforge, --advisory ALAS2-2026-3164 (ALAS-2026-3164)

The version of fontforge installed on the remote host is prior to 20120731b-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3164 advisory. FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows...