PT-2026-33529

Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description An out-of-bounds read exists in the ptp unpack DPV function within camlibs/ptp2/ptp-pack.c. The issue occurs during the handling of UINT128 and INT128 cases, where the offset variable is advanced...

CVE-2026-40253 openCryptoki: Memory safety vulnerabilities in BER/DER decoders in asn1.c

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007193 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen doe...

UBUNTU-CVE-2026-39979

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...

CVE-2026-4153

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

EUVD-2018-21735

Microsoft Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to caus...

PT-2026-29018

🚨 CVE-2018-25232 Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location cust...

PT-2026-29013

Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host parameter during serv...

Potential Panic on Overlong Ciphertext Buffer

An application that passes in a ciphertext buffer of length greater than ptxt.len + TAGLEN to libcruxchacha20poly1305::encrypt or libcruxchacha20poly1305::xchacha20poly1305::encrypt would experience a panic. Impact An application where the length of the ciphertext buffer is under attacker control...

RUSTSEC-2026-0124 Potential Panic on Overlong Ciphertext Buffer

An application that passes in a ciphertext buffer of length greater than ptxt.len + TAGLEN to libcruxchacha20poly1305::encrypt or libcruxchacha20poly1305::xchacha20poly1305::encrypt would experience a panic. Impact An application where the length of the ciphertext buffer is under attacker control...

CVE-2026-32284

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

CVE-2026-32284

The CVE-2026-32284 is a denial-of-service risk in the msgpack decoder (github.com/shamaton/msgpack) caused by insufficient validation of input buffer length for truncated fixext data (format codes 0xd4–0xd8), leading to an out-of-bounds read and a runtime panic. Public sources from NVD/SUSE indic...

CVE-2026-32284

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

EUVD-2026-16343

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

Msgpack 安全漏洞

Msgpack is an efficient binary serialization format developed by shamaton. It allows for data exchange between various languages, such as JSON. However, it is faster and smaller in size. Small integers are encoded as a single byte, and typical short strings only require one additional byte beyond...

UBUNTU-CVE-2026-23307

In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...

CVE-2026-23307

In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...

EUVD-2019-19940

Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash wh...

EUVD-2026-13168

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

UBUNTU-CVE-2026-3549

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...