2131 matches found
CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body
LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...
CVE-2026-40930
CVE-2026-40930 concerns LIBPNG (v1.8.0) where three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC. This allows attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk heade...
CVE-2026-40930
LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...
perl: Fix of CVE-2026-8376
CVE-2026-8376: fix heap buffer overflow in Sstudychunk when compiling regular expressions with a repeated fixed string on 32-bit builds mincount l overflow...
PT-2026-46315
Name of the Vulnerable Software and Affected Versions netty incubator codec-ohttp versions prior to 0.0.22.Final Description The codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp fails to verify the receipt of a cryptographically-signed final chunk before the outer HTTP body terminates...
OPENSUSE-SU-2026:20895-1 Security update for libsoup2
This update for libsoup2 fixes the following issues: - CVE-2026-1801: Use CRLF as line boundary when parsing chunk encoding data bsc1257649...
CLSA-2026-1780391238 Fix CVE(s): CVE-2026-8376
SECURITY UPDATE: heap buffer overflow in the regexp compiler 32-bit - debian/patches/CVE-2026-8376.patch: guard against an SSizet overflow when sizing the joined fixed-substring buffer in Perlstudychunk in regcomp.c; backported from upstream commit 5e7f119eb2bb1181be908701f22bf7068e722f1c. -...
SUSE CVE-2026-45352
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...
CVE-2026-45352
A flaw was found in cpp-httplib, a C++ HTTP/HTTPS library. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request that includes a negative chunk-size in the chunked Transfer-Encoding. This incorrect parsing leads to unbounded memory allocation, causing the...
Exploit for Integer Overflow to Buffer Overflow in Perl
CVE-2026-8376-Perl-Heap-Buffer-Overflow-PoC-Exploit Perl vers...
PUB-A-479203197
In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper validation of the chunk-size field in chunked Transfer-Encoding within the ChunkedDecoder::readpayload function. An attacker can cause unbounded memory allocation and...
CVE-2026-45352
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...
DEBIAN-CVE-2026-45352
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...
UBUNTU-CVE-2026-45352
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...
CVE-2026-45352
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...
CVE-2026-45352 cpp-httplib DoS: Negative chunk-size in chunked Transfer-Encoding
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...
CVE-2026-45352
The CVE-2026-45352 issue affects cpp-httplib (header-only HTTP/HTTPS library). Before version 0.43.4, the ChunkedDecoder::read_payload routine parses the chunk-size in chunked Transfer-Encoding with std::strtoul(), which can silently accept a minus sign. This allows negative chunk sizes (e.g., "-...
CVE-2026-45352
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...
CVE-2026-45352 cpp-httplib DoS: Negative chunk-size in chunked Transfer-Encoding
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...