DEBIAN-CVE-2025-3406

A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhwbuildtilesetfromimage of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely...

CVE-2025-3406

A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhwbuildtilesetfromimage of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely...

UBUNTU-CVE-2025-3406

A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhwbuildtilesetfromimage of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely...

CVE-2025-3406 Nothings stb Header Array stbhw_build_tileset_from_image out-of-bounds

A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhwbuildtilesetfromimage of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely...

CVE-2025-3406

A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhwbuildtilesetfromimage of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely...

CVE-2025-3406

CVE-2025-3406 affects the Nothings stb library (up to f056911) with the vulnerable function stbhw_build_tileset_from_image in the Header Array Handler . The issue arises from manipulating the argument w , causing an out-of-bounds read. It is stated that the attack can be launched remotely. The re...

CVE-2025-21447 Improper Validation of Array Index in Computer Vision

Memory corruption may occur while processing device IO control call for session control...

CVE-2025-21447 Improper Validation of Array Index in Computer Vision

Memory corruption may occur while processing device IO control call for session control...

CVE-2025-21447

CVE-2025-21447 affects Qualcomm Snapdragon chipsets. The issue is memory corruption occurring when processing a device IOCTL call for session control, caused by an underlying vulnerability in the IOCTL handling path. The provided sources (NVD/Red Hat/CVE record and related feeds) confirm the memo...

CVE-2025-21423

CVE-2025-21423 affects Qualcomm chipsets; memory corruption occurs when handling client calls to EnableTestMode through an Escape call. The CVSS-3.1 metrics indicate a LOCAL attack vector, LOW privileges required, no user interaction, with HIGH confidentiality, integrity, and availability impact....

CVE-2025-21423 Improper Validation of Array Index in Display

Memory corruption occurs when handling client calls to EnableTestMode through an Escape call...

PT-2025-18433

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-rc2-syzkaller Description The issue is related to the Linux kernel's net sched module, specifically the sch sfq component. It is not sufficient to directly validate the limit on the data that the user...

CVE-2025-3154 Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary...

CVE-2025-3154

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary...

CVE-2025-21994

CVE-2025-21994 is a Linux kernel vulnerability in the ksmbd module where validation for the num_aces field of smb_acl was incorrect. The advisory notes that parse_dcal() should verify num_aces using the actual buffer size (smb_acl->size) rather than checking against a calculation that could al...

Malicious code in @hongfangze/array (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f960dc6274e7bc128da9e089382bd14d47a6e944b250dbc6a53b2f4a17cce5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses WHAT & HOW hpostreamtolinkencodermapping has size MAXHPODP2ENCODERS=4, but location can have size up to 6. As a result, it is necessary to check location against MAXHPODP2ENCODERS...

Vulnerability of the start_io_acct() function in the drivers/md/dm.c module – The driver for supporting multiple devices (such as RAID and LVM) in the Linux kernel allows a hacker to trigger a service failure.

Vulnerability of the startioacct function in the drivers/md/dm.c module – The driver for supporting multiple devices such as RAID and LVM in the Linux operating system is vulnerable due to the use of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause service failures...

The vulnerability of the jfs_readdir() function in the fs/jfs/jfs_dtree.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the jfsreaddir function in the fs/jfs/jfsdtree.c module of the Linux operating system is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

PT-2025-27979

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns an array-index-out-of-bounds read in the add missing indices function. Specifically, the stbl variable is of type s8 but is expected to contain offsets into a slot...