13 matches found
CVE-2026-46599
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...
CVE-2026-46599 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...
kernel: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE This data originates from userspace and is used in buffer offset calculations which could potentially overflow causing an out-of-bounds access...
drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
...
SUSE CVE-2024-41026
In the Linux kernel, the following vulnerability has been resolved: mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmitted. This causes a kernel panic when this size exceeds the sg_miter's length. Limit the number of...
UBUNTU-CVE-2024-41026
In the Linux kernel, the following vulnerability has been resolved: mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmitted. This causes a kernel panic when this size exceeds the sg_miter's length. Limit the number of...
golang: crypto/tls: lack of a limit on buffered post-handshake
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size...
OESA-2021-1235 libX11 security update
Core X11 protocol client library. Security Fixes: LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request intended for server-side color lookup contains a flaw allowing a client to send color-name...
NSD Denial of Service Vulnerability
NSD is a high-performance open source name server. NSD suffers from a denial of service vulnerability. Because the NSD server fails to limit the size of the data transferred in the region, a remote attacker can exploit the vulnerability to submit a special request for a denial-of-service...
Scientific Linux Security Update : curl on SL5.x i386/x86_64
Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue...
Scientific Linux Security Update : curl on SL3.x i386/x86_64
Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue...
curl security update
CentOS Errata and Security Advisory CESA-2010:0329 Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...
RedHat Update for curl RHSA-2010:0273-05
Check for the Version of curl OpenVAS Vulnerability Test RedHat Update for curl RHSA-2010:0273-05 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...