115 matches found
CVE-2026-13221 Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk
Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...
PYSEC-2026-1001 `CHECK` fail in `BCast` overflow
Impact If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. python import tensorflow as tf value = tf.constantshape=2, 1024, 1024, 1024...
SUSE CVE-2026-20244
A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...
CVE-2026-20244
A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...
CVE-2026-53133
A flaw was found in the Linux kernel's RDMA/umem component. When the IOMMU Input/Output Memory Management Unit is used, a very large memory block can be split across multiple scatter-gather SG entries. During the reassembly of these split SG entries, an issue with truncation for block sizes great...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, there was a 32-bit unsigned integer overflow in the XWD X Windows encoder, which could lead to an undersized heap buffer allocation. When writing an extremely...
Tenable Identity Exposure < 3.93.5 Multiple Vulnerabilities (TNS-2026-16)
The version of Tenable Identity Exposure running on the remote host is prior to 3.93.5. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-16: - Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/ that expose sensitive...
Concurrent Ruby - `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
Summary Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITELOCKHELD...
drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
...
CVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveaugempushbufrelocapply validates each relocation with if r-relocbooffset + 4 nvbo-bo.base.size but relocbooffset is u32 uapi/drm/nouveaudrm.h and the integer litera...
Astra Linux – Vulnerability in edk2
EDK2 contains a vulnerability when the S3 sleep mechanism is activated. In this case, an attacker may cause a Division-by-Zero error due to a UNIT32 overflow through local access. Successful exploitation of this vulnerability could result in a loss of availability...
SUSE CVE-2026-43909
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i 4 inside SwapRGBABytes causes the function to compute a large negative...
EUVD-2026-30413
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i 3 inside ConvertCbYCrYToRGB causes the function to compute a larg...
PT-2026-41024
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch buffer bpp using signed 32-bit arithmetic. When the product...
PT-2026-35949
Name of the Vulnerable Software and Affected Versions libsndfile version 1.2.2 Description An integer overflow exists in the IMA ADPCM codec within the WAV and close code paths. When the product of samplesperblock and blocks exceeds the maximum value of a 32-bit signed integer INT MAX, a...
PT-2026-35011
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv tt prepare tvlv global data function calculates the allocation length for a global TT response using 16-bit temporaries. If a...
Node.js Module Undici 6.x < 6.24.0 / 7.x < 7.24.0 DoS
The nodejs module Undici detected on the host is version 6.x prior to 6.24.0 or version 7.x prior to 7.24.0. It is, therefore, affected by a denial of service vulnerability : - A flaw exists in the WebSocket client due to an integer overflow when processing frames with extremely large 64-bit leng...
PT-2026-33909
Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.4.0 through 3.4.9 OpenEXR versions 3.3.0 through 3.3.9 OpenEXR versions 3.2.0 through 3.2.7 Description An integer overflow occurs in the reference implementation of the EXR image storage format. The issue exists in internal...
OESA-2026-1945 libarchive security update
is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...
OESA-2026-1942 libarchive security update
is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...