Moderate: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

PT-2026-32544

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-19 Description An off-by-one error in the MSL decoder can cause a crash when reading a malicious MSL file. Recommendations Update to version 7.1.2-19...

CVE-2026-5466

wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...

CLSA-2026-1767700070 python3: Fix of CVE-2025-4516

CVE-2025-4516: use-after-free in unicode-escape decoder with custom error handlers...

BIT-PYTHON-MIN-2025-4516 Use-after-free in "unicode_escape" decoder with error handler

There is an issue in CPython when using bytes.decode"unicodeescape", error="ignore|replace". If you are not using the "unicodeescape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode call in ...

CVE-2025-6199

CVE-2025-6199 affects the GIF LZW decoder in GdkPixbuf (gdk-pixbuf2). When an invalid symbol is decompressed, the output size is set to the full buffer length instead of the number of written bytes, causing uninitialized buffer areas to be emitted and potentially leaking memory contents from GIF ...

CVE-2024-47599

A flaw was found in the GStreamer library. Insufficient error handling in the JPEG decoder can lead to NULL-pointer dereferences and cause crashes for certain input files, making it possible for a malicious actor to trigger a crash of the application...

CVE-2024-34156

CVE-2024-34156 affects Go’s Decoder.Decode when processing messages with deeply nested structures, leading to a panic from stack exhaustion. The issue is tied to the Go standard library (golang) and has been discussed in Go-related advisories and public postings (e.g., the follow-up to CVE-2022-3...

PT-2023-9005 · Artifex +2 · Jbig2Dec +2

Name of the Vulnerable Software and Affected Versions: Artifex Software jbig2dec version 0.20 Description: The issue is related to the incorrect initialization of a resource in the jbig2 error function of the jbig2.c file in the Jbig2dec decoder for the JBIG2 image compression format. This can be...

SUSE CVE-2004-0642

Double free vulnerabilities in the error handling code for ASN.1 decoders in the 1 Key Distribution Center KDC library and 2 client library for MIT Kerberos 5 krb5 1.3.4 and earlier may allow remote attackers to execute arbitrary code...

UBUNTU-CVE-2019-15133

In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgiflib.c if the height field of the ImageSize data structure is equal to zero...

Mozilla Thunderbird < 13.0 Multiple Vulnerabilities

Binary data 6498.prm...

CVE-2009-4631

Off-by-one error in the VP3 decoder vp3.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption...

CVE-2002-0036

Summary: CVE-2002-0036 is a signedness bug in MIT Kerberos V5 ASN.1 decoder prior to krb5 1.2.5, allowing a remote attacker to trigger a denial of service by sending a large unsigned data element length that is later treated as negative. Impact: DoS of Kerberos services (notably KDC/servers) as d...