32 matches found

SUSE CVE
added 6 days ago · 7 views

SUSE CVE-2026-46179

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Don't allow pointer operations on unconfigured streams When reporting the pointer for a compressed stream we report the current I/O frame position by dividing the position by the number of channels multiplied by the...

5.7 AI score · 0.00032 EPSS
Exploits 0 · References 2
Tenable Nessus
added 6 days ago · 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-46179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: SOF: Don't allow pointer operations on unconfigured streams When reporting the pointer for a compressed stream we report the current I/O frame position by...

5.8 AI score · 0.00032 EPSS
Exploits 0 · References 2
RedhatCVE
added last week · 5 views

CVE-2026-46179

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA System on Chip ASoC Sound Open Firmware SOF subsystem. This vulnerability occurs when reporting the pointer for a compressed stream, where the I/O frame position is divided by values that can be zero if the stream...

5.8 AI score · 0.00032 EPSS
Exploits 0 · References 4
ATTACKERKB
added last week · 4 views

CVE-2026-46179

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Don't allow pointer operations on unconfigured streams When reporting the pointer for a compressed stream we report the current I/O frame position by dividing the position by the number of channels multiplied by the...

5.7 AI score · 0.00032 EPSS
Exploits 0 · References 7 · Affected Software 1
CVE
added last week · 7 views

CVE-2026-46179

The CVE concerns the Linux kernel ASoC SOF path where reporting the pointer for a compressed stream divides the I/O frame position by (channels × container bytes). Initially these values default to 0 and are configured only when setting stream parameters, allowing a divide-by-zero condition. The ...

5.7 AI score · 0.00032 EPSS
Exploits 0 · References 6
OSV
added 2026/05/22 4:14 p.m. · 3 views

CLSA-2026-1779466465 rsync: Fix of CVE-2026-43618

CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...

8.1 CVSS · 5.9 AI score · 0.00056 EPSS
Exploits 0 · References 1
OSV
added 2026/05/21 1:24 p.m. · 3 views

CLSA-2026-1779369849 rsync: Fix of CVE-2026-43618

CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...

8.1 CVSS · 5.9 AI score · 0.00056 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/04/25 11:9 a.m. · 0 views

CVE-2026-41312

A flaw was found in pypdf. An attacker can craft a malicious PDF file containing a specially compressed stream. When this file is processed, it can lead to excessive memory consumption RAM exhaustion, resulting in a Denial of Service DoS for the affected system. Mitigation Mitigation for this iss...

6.5 CVSS · 5 AI score · 0.00025 EPSS
Exploits 0 · References 7
Snyk
added 2026/02/04 12:7 a.m. · 1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...

7.5 CVSS · 5.5 AI score · 0.00019 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2011-2869

Malware in sbrugna...

5.1 CVSS · 7.2 AI score · 0.07216 EPSS
Exploits 0 · References 41
Positive Technologies
added 2024/08/16 12:0 a.m. · 2 views

PT-2024-40876 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs due to a crash in the LZWDecompresser.decompress function. The issue is related to the decompression process in the CompressedStreamStore.decompress method...

6.9 AI score
Exploits 0 · References 2
Tenable Nessus
added 2023/05/12 12:0 a.m. · 22 views

RHEL 9 : gdk-pixbuf2 (RHSA-2023:2216)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2216 advisory. The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by...

8.8 CVSS · 8 AI score · 0.00415 EPSS
Exploits 2 · References 8
OSV
added 2023/05/09 12:0 a.m. · 23 views

ALSA-2023:2216 Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fixes: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data CVE-2021-44648 gdk-pixbu...

8.8 CVSS · 8.5 AI score · 0.00415 EPSS
Exploits 2 · References 6
F5 Networks
added 2023/02/21 4:17 p.m. · 41 views

K5004: Security Advisory: zlib buffer overflow - CAN-2005-2096

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5 CVSS · 8.8 AI score · 0.43032 EPSS
Exploits 3 · Affected Software 15
Github Security Blog
added 2020/10/16 5:3 p.m. · 80 views

Memory exhaustion in http4s-async-http-client with large or malicious compressed responses

Impact A server we connect to with http4s-async-http-client could theoretically respond with a large or malicious compressed stream and exhaust memory in the client JVM. It does not affect http4s servers, other client backends, or clients that speak only to trusted servers. This is related to a...

7.5 CVSS · 1.2 AI score · 0.04327 EPSS
Exploits 0 · References 2 · Affected Software 2
RedHat Linux
added 2012/02/02 10:33 p.m. · 0 views

ghostscript: glyph data access improper input validation

The gstype2interpret function in Ghostscript allows remote attackers to cause a denial of service incorrect pointer dereference and application crash via crafted font data in a compressed data stream, aka bug 691043...

4.3 CVSS · 5.9 AI score · 0.01874 EPSS
Exploits 0 · References 4
RedHat Linux
added 2012/02/02 10:27 p.m. · 1 views

ghostscript: glyph data access improper input validation

The gstype2interpret function in Ghostscript allows remote attackers to cause a denial of service incorrect pointer dereference and application crash via crafted font data in a compressed data stream, aka bug 691043...

4.3 CVSS · 5.9 AI score · 0.01874 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2011/11/07 12:0 a.m. · 32 views

Mandriva Linux Security Advisory : gimp (MDVSA-2011:167)

A vulnerability has been discovered and corrected in gimp : The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gifreadlzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in...

9.3 CVSS · 8.1 AI score · 0.07216 EPSS
Exploits 0 · References 1
Prion
added 2011/08/19 5:55 p.m. · 36 views

Heap overflow

The LZW decompressor in 1 the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and 2 compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products,...

9.3 CVSS · 7.5 AI score · 0.09814 EPSS
Exploits 0 · References 38 · Affected Software 3
Debian CVE
added 2011/08/19 5:0 p.m. · 30 views

CVE-2011-2896

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gifreadlzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte functio...

5.1 CVSS · 8 AI score · 0.07216 EPSS
Exploits 0