CVE-2025-47436

Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...

CVE-2025-47436

Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...

SUSE-SU-2025:1509-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 - CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 - CVE-2025-32052: Fixed heap buffer overflow in sniffunknown...

Important: ghostscript

Issue Overview: The calculation of the buffer size was being done with int values, and overflowing that data type. The bug has existed since the creation of the file contrib/japanese/gdevnpdl.c The calculation of the buffer size was being done with int values, and overflowing that data type. By...

CVE-2025-24209

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash...

Advisory ROSA-SA-2025-2757

Software: rsync 3.1.2 OS: rosa-server79 packageevrstring: rsync-3.1.2-12.0.2.res7 CVE-ID: CVE-2024-12085 BDU-ID: 2025-00376 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the rsyncd daemon of the Rsync file transfer and synchronization utility is related to an operation exceeding buffer boundaries ...

CVE-2025-0838 Heap Buffer overflow in Abseil

There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve, and rehash methods of absl::flat,nodehashset,map did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer...

CVE-2025-24956

A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...

PT-2025-28667 · Irfanview · Irfanview +1

Name of the Vulnerable Software and Affected Versions: IrfanView CADImage Plugin affected versions not specified Description: The IrfanView CADImage plugin contains a buffer overflow issue in memory when handling DXF files. Successful exploitation of this issue could allow an attacker to execute...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1101)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : SDL2_sound (2025-5ef10f8485)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5ef10f8485 advisory. Latest stable release from upstream. Changelog: https://github.com/icculus/SDLsound/releases/tag/v2.0.4 . NOTE: drlibs are unbundled. Fixes:...

ROS-20240828-03

Vulnerability of Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird email client is related to the incorrect handling of exceptional conditions with improper handling of exceptional conditions. Exploitation of the vulnerability could allow a remote attacker to use memory after it has been...

CVE-2024-42477

llama.cpp provides LLM inference in C/C++. The unsafe type member in the rpctensor structure can cause global-buffer-overflow. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561...

CVE-2024-6383

The bsonstringappend function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1...

PT-2024-8679 · FFmpeg +1 · Ffmpeg +1

Name of the Vulnerable Software and Affected Versions: FFmpeg version 7.0 Description: The issue is related to a buffer overflow in the hevc frame end function of the FFmpeg library, located in libavcodec/hevcdec.c. This can lead to an out-of-bounds operation in memory, potentially allowing an...

The vulnerability of the formWlanGuestSetup function in the microprogramming software of the D-Link DIR-619L router allows a hacker to cause a service failure.

The vulnerability of the formWlanGuestSetup function in the D-Link DIR-619L router’s microprogramming software is related to the output of operations that go beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure by using the webpage...

Debian dsa-5653 : gtkwave - security update

The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5653 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5653...

SUSE-SU-2024:0121-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: - CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer bsc1218582 - CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access bsc1218583 - CVE-2024-21885: Fixed he...

SUSE-SU-2024:0111-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: Security fixes: - CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer bsc1218582 - CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access bsc1218583 -...

Fedora 39 : firefox / nss (2023-9de52d46bd)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-9de52d46bd advisory. Update NSS to 3.95 Update Firefox to 121.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...