42 matches found
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read through the MeshGeometry process in FBXMeshGeometry.cpp. An attacker can cause the application to crash or become unresponsive by providing specially crafted input files. Remediation: There is no fixed version for...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the readdirectory function. An attacker can cause a denial of service by providing specially crafted input files that trigger an out-of-bounds read during the parsing process. Remediation: A fix was pushed into the...
Use After Free
Overview: Magick.NET-Q16-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Use After Free
Overview: Magick.NET-Q16-HDRI-x86 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the vips_foreign_load_matrix_header function. An attacker can cause a denial of service by triggering a null pointer dereference during local processing of crafted input files. Remediation: A fix was pushed into t...
poppler: Out-of-Bounds Read in Poppler
A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check...
EUVD-2018-13011
Malware in sbrugna...
EUVD-2019-17098
Malware in sbrugna...
EUVD-2010-3439
Malware in sbrugna...
EUVD-2025-9921
Malicious code in bioql PyPI...
Free of Memory not on the Heap
Overview: Affected versions of this package are vulnerable to Free of Memory not on the Heap in the TIFFCROP utility. An attacker can cause denial of service by triggering memory corruption through crafted input files. Remediation: Upgrade libtiff to version 4.7.1 or higher. References: - GitLab Iss...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the gguf_init_from_file_impl function in the gguf.cpp file. An attacker can cause heap out-of-bounds read or write by providing specially crafted input files. Remediation: Upgrade llama-cpp to version b6565 or...
CVE-2020-27788
An out-of-bounds read access vulnerability was discovered in UPX in the PackLinuxElf64::canPack function of the p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue, which could cause a crash leading to a denial of service...
MGASA-2025-0134 Updated poppler packages fix security vulnerabilities
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN (CVE-2025-32364). Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine...
CVE-2025-32365
Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check...
PT-2025-15076
Name of the Vulnerable Software and Affected Versions: Poppler versions prior to 25.04.0. Description: The issue allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function due to a misplaced isOk check. This occurs in the JBIG2 parsing component of the software...
[SECURITY] [DLA 3805-1] qtbase-opensource-src security update
Debian LTS Advisory DLA-3805-1 https://www.debian.org/lts/security/ Thorsten Alteholz May 01, 2024 https://wiki.debian.org/LTS ...
USN-6672-1 nodejs vulnerabilities
Morgan Jones discovered that Node.js incorrectly handled certain inputs, which leads to false positive errors during some cryptographic operations. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a...
USN-6470-1 axis vulnerability
It was discovered that Axis incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2023-40743...
USN-6457-1 nodejs vulnerabilities
Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2022-0778 Elison Niven discovered that Node.js...