CVE-2026-46384

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

python: Fix of CVE-2017-1000158

CVE-2017-1000158: fix integer overflow in PyStringDecodeEscape that could trigger a heap-based buffer overflow when decoding very large byte strings...

PT-2026-34044

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.17 Description A heap buffer overflow occurs when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers dec frame.buf are allocated using a...

Linux Distros Unpatched Vulnerability : CVE-2022-24675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. CVE-2022-24675 Note that Nessus relies on...

CVE-2025-8760

A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64decode of the component fcgiserver. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely...

CVE-2025-8760

CVE-2025-8760 analysis (INSTAR 2K+/4K): A buffer overflow in the fcgi_server component (base64_decode) is triggered by manipulating the Authorization argument, allowing remote exploitation in INSTAR 2K+ and 4K, version 3.11.1 Build 1124. Several sources (e.g., Red Hat entry, CVE lists, PT-Securit...

Important: runc

Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...

OESA-2025-1122 etcd security update

%expand: Security Fixes: encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.CVE-2022-24675 regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.CVE-2022-24921 The gener...

PYSEC-2024-164

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in abidecode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...

OESA-2023-1328 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

SUSE CVE-2020-5312

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow...

golang: encoding/pem: fix stack overflow in Decode

A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input more than 5 MB, causing a stack overflow in Decode, which leads to a loss of availability...

UBUNTU-CVE-2021-25289

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...

DEBIAN-CVE-2020-5310

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...

DEBIAN-CVE-2019-19635

An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixeldecoderawimpl at fromsixel.c...

libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tiflzw.c via a crafted TIFF file, as demonstrated by tiff2ps...