10 matches found
UBUNTU-CVE-2026-34971
Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...
SUSE CVE-2026-34380
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...
CVE-2026-34380
OpenEXRFix: CVE-2026-34380 describes a signed integer overflow in undo_pxr24_impl() in OpenEXRCore (src/lib/OpenEXRCore/internal_pxr24.c) that could cause the decoding loop to write beyond the allocated output buffer. Affected versions are 3.2.0 up to but not including 3.2.7, 3.3.9, and 3.4.9. Th...
CVE-2026-28231
pillowheif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of pillowheif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...
EUVD-2026-9061
pillowheif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of pillowheif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...
CVE-2025-69261
Summary: CVE-2025-69261 affects WasmEdge, a WebAssembly runtime. Prior to 0.16.0-alpha.3, a multiplication in WasmEdge/include/runtime/instance/memory.h can wrap, causing checkAccessBound() to incorrectly permit access and may trigger a segmentation fault. A patch is included in 0.16.0-alpha.3. R...
Linux Distros Unpatched Vulnerability : CVE-2019-9793
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This...
PYSEC-2023-191
Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...
SUSE CVE-2017-18187
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the sslparseclientpskidentity function in library/sslsrv.c...
Safe'N'Sec SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure and SoftControl/SafenSoft Enterprise Unauthorized Operation Vulnerabilities
Safe'N'Sec SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise are Russian Safe'N'Sec's proactive malware defense applications. A vulnerability exists in the snscore.sys file in Safe'N'Sec SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft...