109 matches found

OSV
added 2025/04/24 2:38 p.m. | 4 views

SUSE-SU-2025:1367-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)...

3.7 CVSS | 7.7 AI score | 0.0038 EPSS
Exploits 0 | References 3

SUSE CVE
added 2025/04/18 11:19 p.m. | 1 views

SUSE CVE-2025-32415

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

2.9 CVSS | 7.1 AI score | 0.00527 EPSS
Exploits 1 | References 14

OSV
added 2025/04/17 5:15 p.m. | 0 views

UBUNTU-CVE-2025-32415

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

7.5 CVSS | 6.8 AI score | 0.00527 EPSS
Exploits 1 | References 5

CNNVD
added 2025/04/17 12:0 a.m. | 1 views

libxml2 security vulnerability

libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, XSH. A security vulnerability exists in libxml2 versions prior to 2.13.8 and prior to 2.14.2, which stems from a heap buffer under-read in...

7.5 CVSS | 6.5 AI score | 0.00527 EPSS
Exploits 1 | References 4

OSV
added 2025/04/07 1:15 p.m. | 5 views

AZL-59585 CVE-2025-3360 affecting package glib for versions less than 2.71.0-5

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function...

3.7 CVSS | 7 AI score | 0.0038 EPSS
Exploits 0 | References 1

OSV
added 2025/04/07 1:15 p.m. | 2 views

DEBIAN-CVE-2025-3360

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function...

3.7 CVSS | 5 AI score | 0.0038 EPSS
Exploits 0 | References 1

OSV
added 2025/04/07 1:15 p.m. | 4 views

AZL-59591 CVE-2025-3360 affecting package glib for versions less than 2.78.6-2

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function...

3.7 CVSS | 7 AI score | 0.0038 EPSS
Exploits 0 | References 1

OSV
added 2025/04/07 1:15 p.m. | 1 views

UBUNTU-CVE-2025-3360

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function...

3.7 CVSS | 6.5 AI score | 0.0038 EPSS
Exploits 0 | References 5

SUSE CVE
added 2025/04/04 2:57 a.m. | 2 views

SUSE CVE-2025-32050

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read...

5.9 CVSS | 7.1 AI score | 0.00647 EPSS
Exploits 0 | References 16

OSV
added 2025/04/03 2:15 p.m. | 4 views

AZL-59551 CVE-2025-32050 affecting package libsoup for versions less than 3.0.4-6

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read...

5.9 CVSS | 7.1 AI score | 0.00647 EPSS
Exploits 0 | References 1

OSV
added 2025/04/03 2:15 p.m. | 2 views

UBUNTU-CVE-2025-32050

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read...

5.9 CVSS | 7 AI score | 0.00647 EPSS
Exploits 0 | References 5

OSV
added 2024/11/01 4:53 p.m. | 3 views

CLSA-2024-1730479989 Fix CVE(s): CVE-2023-7347, CVE-2024-7347

SECURITY UPDATE: mp4 module allows buffer underread and unordered chunks - debian/patches/CVE-2024-7347.patch: fix buffer underread while updating stsz atom and reject unordered chunks - CVE-2023-7347...

5.7 CVSS | 6.8 AI score | 0.0032 EPSS
Exploits 0 | References 1

OSV
added 2024/11/01 4:42 p.m. | 4 views

CLSA-2024-1730478623 Fix CVE(s): CVE-2023-7347, CVE-2024-7347

SECURITY UPDATE: mp4 module allows buffer underread and unordered chunks - debian/patches/CVE-2024-7347.patch: fix buffer underread while updating stsz atom and reject unordered chunks - CVE-2023-7347...

5.7 CVSS | 6.8 AI score | 0.0032 EPSS
Exploits 0 | References 1

SUSE CVE
added 2023/02/15 6:13 a.m. | 2 views

SUSE CVE-2007-0157

Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error tha...

7.8 CVSS | 7.2 AI score | 0.02092 EPSS
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 5:2 a.m. | 5 views

SUSE CVE-2016-4447

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName...

7.5 CVSS | 6.8 AI score | 0.13616 EPSS
Exploits 1 | References 9

SUSE CVE
added 2023/02/15 5:2 a.m. | 3 views

SUSE CVE-2016-4539

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument,...

9.8 CVSS | 9.3 AI score | 0.06229 EPSS
Exploits 1 | References 7

SUSE CVE
added 2023/02/15 5:1 a.m. | 4 views

SUSE CVE-2016-5116

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name...

9.1 CVSS | 8.9 AI score | 0.03706 EPSS
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 4:30 a.m. | 3 views

SUSE CVE-2018-6876

The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image...

6.5 CVSS | 9 AI score | 0.02513 EPSS
Exploits 1 | References 3

SUSE CVE
added 2023/02/15 4:29 a.m. | 3 views

SUSE CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled informatio...

6.5 CVSS | 6.9 AI score | 0.07825 EPSS
Exploits 0 | References 9

SUSE CVE
added 2023/02/15 4:8 a.m. | 3 views

SUSE CVE-2019-16115

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...

4.4 CVSS | 7.3 AI score | 0.01105 EPSS
Exploits 1 | References 8