3283 matches found
llama.cpp buffer error vulnerability
Llama.cpp is a multimodal model developed by Georgi Gerganov. Versions of llama.cpp prior to b8492 contained a buffer error vulnerability. This vulnerability stemmed from the deserializetensor function in the RPC backend, which skipped all boundary verifications when the buffer field of the tensor w...
Botan buffer error vulnerability
Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan from 2.3.0 to 3.11.0 contained a buffer error vulnerability. This vulnerability stemmed from the failure to check the expected length of the authentication code value during the SM2 decryption...
OpenSC buffer error vulnerability
OpenSC is an open-source smart card tool and middleware developed by OpenSC. Versions of OpenSC prior to 0.27.0 contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds heap reads in the X.509/SPKI processing path, which could lead to memory corruption...
SUSE CVE-2026-32953
Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI), and thus the same key...
EVerest buffer error vulnerability
EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained a buffer error vulnerability. This vulnerability stems from the function ISO15118chargerImpl::handleupdateenergytransfermodes, which copies a variable-leng...
EVerest buffer error vulnerability
EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2026.02.0 contained a buffer error vulnerability, which was caused by out-of-bounds access, potentially leading to remote crashes or memory corruption...
ImageMagick buffer error vulnerability
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-18 and 6.9.13-43 contained a buffer error vulnerability. This vulnerability stemmed from...
ImageMagick buffer error vulnerability
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-18 and 6.9.13-43 contained a buffer error vulnerability. This vulnerability stemmed from incorrect...
SiYuan buffer error vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.2 contained a buffer error vulnerability. This vulnerability stemmed from the use of the /api/file/readDir interface to retrieve document IDs, which could lead to information...
libpng buffer error vulnerability
libpng is an open-source PNG reference library developed by The PNG Development Group. It allows for the creation, reading, and writing of PNG graphic files. Versions of libpng from 1.6.36 to 1.6.55 contain a buffer error vulnerability. This vulnerability stems from out-of-bound read and write...
UltraVNC Viewer buffer error vulnerability
UltraVNC Viewer is a remote desktop client developed by UltraVNC Corporation. Version 1.2.2.4 of UltraVNC Viewer contains a buffer error vulnerability. This vulnerability stems from a denial-of-service attack on the VNC Server’s input fields, which could allow attackers to cause the application t...
HeidiSQL buffer error vulnerability
HeidiSQL is an open-source database management graphical interface tool developed by HeidiSQL. HeidiSQL version 10.1.0.5464 contains a buffer error vulnerability. This vulnerability stems from a denial-of-service vulnerability in the password field, which could allow local attackers to cause the...
CVE-2026-32953 Tillitis: TKey Client has an Error in Protocol Implementation
Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI)—and thus the same key...
CVE-2026-32953
Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI)—and thus the same key...
libde265 buffer error vulnerability
libde265 is a video codec developed by Struktur AG as open source. Versions of libde265 prior to 1.0.17 contained a buffer error vulnerability. This vulnerability arises from out-of-bounds heap writes when processing specially crafted HEVC bitstreams...
libarchive buffer error vulnerability
Libarchive is an open-source multi-format archiving and compression library developed by Libarchive. Libarchive has a buffer error vulnerability, which stems from heap out-of-bounds reads in the RAR archiving processing logic. Improper validation of the LZSS sliding window size after the...
PX4-Autopilot buffer error vulnerability
PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions of PX4-Autopilot prior to 1.17.0-rc2 contained a buffer error vulnerability. This vulnerability stems from the crsfrc parser accepting excessively long, variable-length known packets and copying them into a fixed...
arduino-TuyaOpen buffer error vulnerability
Arduino-TuyaOpen is an IoT development framework based on Arduino, open-sourced by Tuya. Versions of Arduino-TuyaOpen prior to 1.2.1 contained a buffer error vulnerability. This vulnerability stems from excessive memory access by the TuyaIoT component, which could lead to information leakage or...
Mumble buffer error vulnerability
Mumble is a set of voice communication tools developed by Mumble Inc. for use in games. This tool allows players to engage in real-time voice conversations while playing games. Versions of Mumble prior to 1.6.870 contained a buffer error vulnerability; this vulnerability stemmed from access to...