Astra Linux – Vulnerability in poppler, poppler-22

Before version 25.04.0, crafted input files could cause out-of-bounds reads in the JBIG2Bitmap::combine function within JBIG2Stream.cc, due to an improperly placed isOk check...

Astra Linux – Vulnerability in poppler, poppler-22

In Poppler version 24.12.0, the libpoppler.so library contains a out-of-bounds read vulnerability within the JBIG2Stream.cc file’s JBIG2Bitmap::combine function...

EulerOS Virtualization 2.12.0 : zlib (EulerOS-SA-2026-2117)

According to the versions of the zlib package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop th...

CVE-2026-4078

The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...

Security Bulletin: IBM i is Affected by an Improper Validation Vulnerability in zlib [CVE-2026-27171]

Summary Zlib for IBM i is vulnerable to increased CPU consumption when using functions crc32combine64 and crc32combine64gen64 CVE-2026-27171 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-27171 DESCRIPTION: zlib before 1.3.2 allows CPU consumption via...

JLSEC-2026-480 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because...

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition...

Low: nodejs22

Issue Overview: A flaw was found in zlib. An attacker providing specially crafted input to the crc32combine64 or crc32combinegen64 functions could trigger an infinite loop within the x2nmodp function. This leads to excessive CPU consumption, which can result in a Denial of Service DoS for the...

Low: nodejs20

Issue Overview: A flaw was found in zlib. An attacker providing specially crafted input to the crc32combine64 or crc32combinegen64 functions could trigger an infinite loop within the x2nmodp function. This leads to excessive CPU consumption, which can result in a Denial of Service DoS for the...

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1608)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1608 advisory. A flaw was found in zlib. An attacker providing specially crafted input to the crc32combine64 or crc32combinegen64 functions could trigger an infinite loop within the x2nmodp function. This leads to...

CVE-2026-4078

The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...

WordPress plugin ITERAS 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-34866

The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the combin...

JLSEC-2026-86 Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the...

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check...

JLSEC-2026-83

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc...

SUSE-SU-2026:21013-1 Security update for zlib

This update for zlib fixes the following issues: - CVE-2026-27171: Fixed an infinite loop via the crc32combine64 and crc32combinegen64 functions due to missing checks for negative lengths. bsc1258392 - CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in...

Updated zlib packages fix security vulnerability

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition. CVE-2026-27171...

Advisory ROSA-SA-2026-3250

software: zlib 1.2.13 OS: ROSA-CHROME unaffected versions = zlib-1.2.13-2 affected versions zlib-1.2.13-2 CVE-ID: CVE-2026-27171 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In zlib before 1.3.2, excessive CPU consumption DoS via crc32combine64 and crc32combinegen64 functions is possible: the x2nmodp...

OESA-2026-1586 zlib security update

Security Fixes: zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition.CVE-2026-27171...

OESA-2026-1585 zlib security update

Security Fixes: zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition.CVE-2026-27171...

OESA-2026-1583 zlib security update

Security Fixes: zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition.CVE-2026-27171...