Lucene search
K

2131 matches found

Cvelist
Cvelist
added 2026/06/04 2:34 p.m.36 views

CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4CVSS0.00202EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 2:34 p.m.56 views

CVE-2026-40930

CVE-2026-40930 concerns LIBPNG (v1.8.0) where three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC. This allows attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk heade...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/04 2:34 p.m.10 views

CVE-2026-40930

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4CVSS5.8AI score0.00202EPSS
Exploits0
CloudLinux
CloudLinux
added 2026/06/04 11:47 a.m.11 views

perl: Fix of CVE-2026-8376

CVE-2026-8376: fix heap buffer overflow in Sstudychunk when compiling regular expressions with a repeated fixed string on 32-bit builds mincount l overflow...

9.8CVSS5.8AI score0.00398EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.27 views

PT-2026-46315

Name of the Vulnerable Software and Affected Versions netty incubator codec-ohttp versions prior to 0.0.22.Final Description The codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp fails to verify the receipt of a cryptographically-signed final chunk before the outer HTTP body terminates...

8.7CVSS5.5AI score0.00167EPSS
Exploits0References9
OSV
OSV
added 2026/06/03 7:0 a.m.5 views

OPENSUSE-SU-2026:20895-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2026-1801: Use CRLF as line boundary when parsing chunk encoding data bsc1257649...

6.5CVSS5.4AI score0.00376EPSS
Exploits0References2
OSV
OSV
added 2026/06/02 9:7 a.m.8 views

CLSA-2026-1780391238 Fix CVE(s): CVE-2026-8376

SECURITY UPDATE: heap buffer overflow in the regexp compiler 32-bit - debian/patches/CVE-2026-8376.patch: guard against an SSizet overflow when sizing the joined fixed-substring buffer in Perlstudychunk in regcomp.c; backported from upstream commit 5e7f119eb2bb1181be908701f22bf7068e722f1c. -...

9.8CVSS6AI score0.00398EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/02 1:38 a.m.14 views

SUSE CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/01 1:29 p.m.12 views

CVE-2026-45352

A flaw was found in cpp-httplib, a C++ HTTP/HTTPS library. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request that includes a negative chunk-size in the chunked Transfer-Encoding. This incorrect parsing leads to unbounded memory allocation, causing the...

7.5CVSS5.8AI score0.00327EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/06/01 5:40 a.m.107 views

Exploit for Integer Overflow to Buffer Overflow in Perl

CVE-2026-8376-Perl-Heap-Buffer-Overflow-PoC-Exploit Perl vers...

9.8CVSS6AI score0.00398EPSS
Exploits1
OSV
OSV
added 2026/06/01 12:0 a.m.9 views

PUB-A-479203197

In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

3.5CVSS6.2AI score0.00173EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 9:15 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper validation of the chunk-size field in chunked Transfer-Encoding within the ChunkedDecoder::readpayload function. An attacker can cause unbounded memory allocation and...

7.5CVSS5.8AI score0.00327EPSS
Exploits1References2
NVD
NVD
added 2026/05/29 8:16 p.m.24 views

CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS0.00327EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 8:16 p.m.11 views

DEBIAN-CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 8:16 p.m.9 views

UBUNTU-CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:14 p.m.12 views

CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

5.3CVSS5.7AI score0.00327EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 7:14 p.m.8 views

CVE-2026-45352 cpp-httplib DoS: Negative chunk-size in chunked Transfer-Encoding

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

5.3CVSS5.7AI score0.00327EPSS
Exploits1References1
CVE
CVE
added 2026/05/29 7:14 p.m.35 views

CVE-2026-45352

The CVE-2026-45352 issue affects cpp-httplib (header-only HTTP/HTTPS library). Before version 0.43.4, the ChunkedDecoder::read_payload routine parses the chunk-size in chunked Transfer-Encoding with std::strtoul(), which can silently accept a minus sign. This allows negative chunk sizes (e.g., "-...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2026/05/29 7:14 p.m.16 views

CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS5.7AI score0.00327EPSS
Exploits1
Cvelist
Cvelist
added 2026/05/29 7:14 p.m.46 views

CVE-2026-45352 cpp-httplib DoS: Negative chunk-size in chunked Transfer-Encoding

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

5.3CVSS0.00327EPSS
Exploits1References1
Rows per page
Query Builder