GHSA-WV3X-4VXV-WHPP Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity

Summary Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITELOCKHELD...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: filemap: Fixing the bounds checking in filemapread. If the caller provides an iocb-kipos value that is close to the upper limit of the filesystem, and an iterator with a count that causes us to exceed that limit, then filemapread...

DEBIAN-CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

MGASA-2026-0215 Updated libsndfile packages fix security vulnerabilities

CVE-2025-52194 A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircamreadheader function at src/ircam.c:164 during sample rate processing, leading to memory corruption a...

CVE-2026-6039

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...

CLSA-2026-1779214181 vim: Fix of 4 CVEs

CVE-2022-3278: fix crash when using NUL in buffer that uses :source; don't get a next line when skipping over NL in evalnextnonblank eval.c, upstream patch 9.0.0552 - CVE-2023-48234: fix overflow when getting count for normal z command; break out of nvzet count loop when n LONGMAX/10 normal.c,...

USN-8259-1 openexr vulnerabilities

Quang Luong discovered that OpenEXR incorrectly handled sample count accumulation when processing deep scan line image files. An attacker could possibly use this issue to cause OpenEXR to crash, resulting in a denial of service, or execute arbitrary code. CVE-2026-27622 It was discovered that...

CVE-2025-71292

In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfsrename If nlink is maximal for a directory -1 and inside that directory you perform a rename for some child directory not moving from the parent, then the nlink of the first directory is first incremente...

CVE-2026-43075

The CVE-2026-43075 issue affects the Linux kernel’s ocfs2 filesystem code. A corrupted ocfs2 filesystem mounted on a loop device could trigger an out-of-bounds write in ocfs2_write_end_inline during a copy_file_range splice fallback, caused by trusting on-disk id_count to fit inline data. The roo...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an overflow in the nlink function of the jfs file system’s jfsrename function. This vulnerability may...

CLSA-2026-1776849467 jasper: Fix of 3 CVEs

CVE-2021-26926: prevent out-of-bounds read in jp2decode by hard-erroring on inconsistent IHDR/BPCC component metadata - CVE-2021-26927: prevent out-of-bounds read in jp2decode by hard-erroring on inconsistent IHDR/BPCC component metadata - CVE-2021-3272: prevent heap-based buffer over-read in...

CVE-2026-31648

A flaw was found in the Linux kernel. A race condition in the filemapmappages function can lead to an integer overflow during the calculation of nrpages. This overflow causes the system to map memory beyond the intended boundaries of a memory block, potentially corrupting critical page metadata. ...

JLSEC-2026-97

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it...

CLSA-2026-1775817651 poppler: Fix of CVE-2025-52886

CVE-2025-52886: limit amount of annotations per document/page to prevent use-after-free via reference count overflow...

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...

Azure Linux 3.0 Security Update: qemu (CVE-2024-26327)

The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26327 advisory. - An issue was discovered in QEMU 7.1.0 through 8.2.1. registervfs in hw/pci/pciesriov.c mishandles the situatio...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003632)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003632 advisory. The Linux kernel before 5.1-rc5 allows page-refcount reference count overflow, with resultant use-after- free issues, if about 140 GiB of RAM exists. This is related...

CVE-2022-50541 dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Reset UDMACHANRT byte counters to prevent overflow UDMACHANRTBCNTREG stores the real-time channel bytecount statistics. These registers are 32-bit hardware counters and the driver uses these counters to...