CVE-2025-38068 crypto: lzo - Fix compression buffer overrun

In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the...

CVE-2025-38068 crypto: lzo - Fix compression buffer overrun

In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the...

CVE-2025-38068

In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the...

CVE-2025-38068

CVE-2025-38068: In the Linux kernel, the crypto/lzo path fixed a compression buffer overrun by adding a safe compression interface that checks the end of the output buffer before each write and using it in crypto/lzo. This corrects a prior assumption that the caller always provided sufficient buf...

The vulnerability of Adobe InDesign’s computer layout automation tool, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

TencentOS Server 4: tpm2-tss (TSSA-2024:1007)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1007 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

The vulnerability of CNCSoft’s numerical control software lies in its ability to write beyond buffer boundaries, allowing attackers to execute arbitrary code.

The vulnerability of CNCSoft’s numerical control software lies in its ability to execute code outside the buffer boundaries. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...

The vulnerability of the built-in web server boa (/boafrm/formSetLg) of the TOTOLINK X15 router’s microprogramming software allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the built-in web server boa /boafrm/formSetLg of the TOTOLINK X15 router’s microprogramming software is related to the copying of buffers without checking the size of input data during the processing of the submit-url parameter. Exploiting this vulnerability allows a maliciou...

The vulnerability in the /goform/form2lansetup.cgi microprogramming system of D-Link DIR-816 allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability in the /goform/form2lansetup.cgi microprogramming system of D-Link DIR-816 relates to the issue of data being written outside the buffer in memory during the processing of the IP parameter. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality,...

The vulnerability of CNCSoft’s numerical control software lies in its ability to write beyond buffer boundaries, allowing attackers to execute arbitrary code.

The vulnerability of CNCSoft’s numerical control software lies in its ability to execute code outside the buffer boundaries. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...

The vulnerability of the JavaScript “Promise” object in browsers such as Mozilla Firefox and Firefox ESR allows a perpetrator to execute arbitrary code.

The vulnerability of the JavaScript “Promise” object in Mozilla Firefox and Firefox ESR browsers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...

The vulnerability in Mozilla Firefox and Firefox ESR browsers allows a hacker to execute arbitrary code.

The vulnerability of Mozilla Firefox and Firefox ESR browsers is related to writing beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the Common Log File System Driver for Microsoft Windows operating systems allows attackers to gain increased privileges.

The vulnerability of the Common Log File System Driver for Microsoft Windows operating systems is related to operations that go beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...

The vulnerability of the soup_headers_parse_request() function in the libsoup library, a graphical interface library for GNOME, allows a hacker to trigger a service failure.

The vulnerability of the soupheadersparserequest function in the GNOME graphical interface library libsoup is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure by sending a special...

CVE-2025-48990

NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in rtcopymemory, which unconditionally wrote a null terminator at dstlen. When len equals the size of the destination buffer 256 bytes, that extra '\0' write overruns the buffer by one byte. To avo...

CVE-2025-48990 NeKernel has Heap Overflow in `rt_copy_memory`

NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in rtcopymemory, which unconditionally wrote a null terminator at dstlen. When len equals the size of the destination buffer 256 bytes, that extra '\0' write overruns the buffer by one byte. To avo...

CVE-2025-48990

NeKernal (version 0.0.2) has a 1-byte heap overflow in rt_copy_memory that writes a null terminator to dst[len]. When len equals the destination buffer size (256 bytes), this extra write overruns the buffer by one byte. The patch in commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee removes the over...

CVE-2025-48990 NeKernel has Heap Overflow in `rt_copy_memory`

NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in rtcopymemory, which unconditionally wrote a null terminator at dstlen. When len equals the size of the destination buffer 256 bytes, that extra '\0' write overruns the buffer by one byte. To avo...

CVE-2025-1246

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operation...

The vulnerability in the fs/btrfs/extent_io.h module of the Linux operating system’s kernel allows a hacker to increase their privileges.

The vulnerability in the fs/btrfs/extentio.h module of the Linux operating system’s file system is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...