CVE-2025-59613

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation...

EUVD-2025-210026

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation...

CVE-2025-59613

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation...

PT-2026-45636

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation...

OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size

Summary The per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can read beyond the fallback buffer and leak adjacent memory into telemetry. Details...

PT-2026-38839

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst wavparse cue chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatc...

CVE-2026-21382 Buffer Copy Without Checking Size of Input in Power Management IC

Memory Corruption when handling power management requests with improperly sized input/output buffers...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001224)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001224 advisory. The srdoioctl function in drivers/scsi/srioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service stack-based buffer overflow or...

CVE-2025-40304

CVE-2025-40304: Linux kernel fbdev rendering bounds check added for bit_putcs to prevent vmalloc-out-of-bounds writes when clipping framebuffer text at screen edges. The fix clips Y off-screen, adjusts image height, breaks on off-screen X, and updates the character count when clipping width to av...

CVE-2025-40304

In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bitputcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip...

PT-2025-49436

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's fbdev component related to insufficient bounds checking within the bit putcs function. This can lead to out-of-bounds writes when rendering text near...

AZL-73956 CVE-2025-39757 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...

DEBIAN-CVE-2024-58069

In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read The nvmem interface supports variable buffer sizes, while the regmap interface operates with fixed-size storage. If an nvmem client uses a buffer size less than 4 byte...

CVE-2024-47776 GHSL-2024-260: GStreamer has a OOB-read in gst_wavparse_cue_chunk

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gstwavparsecuechunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch...

DEBIAN-CVE-2024-26870

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix nfs4listxattr kernel BUG at mm/usercopy.c:102 A call to listxattr with a buffer size = 0 returns the actual size of the buffer needed for a subsequent call. When size 0, nfs4listxattr does not return an error because...

CVE-2020-13581

In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 Revision 1014, a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow. An attacker...

CVE-2020-28895

In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc. As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption...

CVE-2019-14130

CVE-2019-14130 describes memory corruption in Qualcomm closed-source components affecting Snapdragon Auto/Compute/Mobile/Wired Infrastructure and Networking products (Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130). The vulnerability arises when the offset size from the ...

CVE-2017-11087

CVE-2017-11087 affects libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android. The issue arises when the mediaserver path copies the output buffer to an application using the “filled length,” which can exceed the output buffer’s actual size, causing an information disclosure. Publicly...

CVE-2016-4294

When opening a Hangul Hcell Document .cell and processing a property record within the Workbook stream, Hancom Office 2014 will attempt to allocate space for an element using a length from the file. When copying user-supplied data to this buffer, however, the application will use a different size...