86 matches found
SUSE-SU-2026:1716-1 Security update for libpng12
This update for libpng12 fixes the following issues: Update to version 1.2.59 (jsc#PED-16191). Security issues: - CVE-2017-12652: missing chunk length check can lead to sensitive information disclosure, data corruption or crash (bsc#1141493). - CVE-2026-33416: use-after-free via pointer aliasing in...
MiracleLinux 7 : libpng-1.5.13-8.el7 (AXSA:2020-552:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-552:01 advisory. libpng: does not check length of chunks against user limit CVE-2017-12652 CVE-2017-12652 libpng before 1.6.32 does not properly check the length of chunks...
EUVD-2017-4191
Malware in sbrugna...
EUVD-2011-1574
Malware in sbrugna...
EUVD-2021-2029
Malware in sbrugna...
EUVD-2023-1867
Malicious code in bioql PyPI...
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
...
Security Bulletin: Vulnerabilities in snappy-java affect watsonx.data
Summary: Snappy-java is vulnerable to a denial of service, caused by either an integer overflow, use of an unchecked chunk length or missing upper bound check on chunk length. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a deni...
snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact
A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service (DoS)...
CVE-2024-26616
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned [BUG] There is a bug report that, on an ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info device...
UBUNTU-CVE-2024-26616
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned [BUG] There is a bug report that, on an ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info device...
CVE-2024-26616 btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned [BUG] There is a bug report that, on an ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info device...
PT-2024-3787 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version. Description: The vulnerability is related to a use-after-free issue in the btrfs file system when the chunk length is not 64K aligned. This can lead to various problems, including "unable to fi...
snappy-java: Unchecked chunk length leads to DoS
A flaw was found in Snappy-java's fileSnappyInputStream hasNextChunk function, which does not sufficiently evaluate input bytes before beginning operations. This issue could allow an attacker to send malicious input to trigger an out of memory error that crashes the program, resulting in a denial...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary: IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details: CVEID: CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is configured with both the static-resources-list...
CVE-2023-43642
A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service (DoS)...
OESA-2023-1700 snappy-java security update
A Java port of the snappy, a fast compressor/decompressor written in C++. Security Fixes: snappy-java is a Java port of the snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data wit...
DEBIAN-CVE-2023-43642
snappy-java is a Java port of the snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...
CVE-2023-43642 Missing upper bound check on chunk length in snappy-java
snappy-java is a Java port of the snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...