6417 matches found
DEBIAN-CVE-2026-14803
Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...
CVE-2026-14803
Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...
CVE-2026-14803 Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder
Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...
CVE-2026-14803
Mojo::JSON prior to version 9.47 is vulnerable to memory exhaustion due to unbounded recursion in the pure-Perl JSON decoder (_decode_value -> _decode_array/_decode_object). The issue arises when the pure-Perl path is used (default if Cpanel::JSON::XS is not installed or MOJO_NO_JSON_XS=1); a ...
EUVD-2026-41798
Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...
CVE-2026-14803
Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...
netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted LZ4 compressed data stream. This can cause the Lz4FrameDecoder to allocate a large amount of memory up to 32 MB per block before...
php:7.4 security update
An update is available for module.libzip, php-pear, php-pecl-xdebug, libzip, php, module.php-pecl-xdebug, php-pecl-rrd, module.php, module.php-pecl-apcu, module.php-pecl-rrd, php-pecl-zip, module.php-pecl-zip, module.php-pear, php-pecl-apcu. This update affects Rocky Linux 8. A Common Vulnerabili...
CVE-2026-53466
A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. An attacker could craft a malicious image file that, when processed by the XCF decoder, triggers an integer overflow. This overflow leads to an out-of-bounds read, which can cause the...
CVE-2026-55594
A flaw was found in ImageMagick, free and open-source software for editing and manipulating digital images. A missing depth check in the MVG Magick Vector Graphics decoder can lead to a stack overflow when a remote attacker provides a specially crafted image. This vulnerability could result in a...
CVE-2026-53467
A flaw was found in ImageMagick. The MNG decoder in ImageMagick contains a heap information disclosure vulnerability. This flaw could allow an attacker to potentially access sensitive information from memory due to parts of image pixels being left unchanged during processing. This could lead to...
CVE-2026-55594
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and...
CVE-2026-53467
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versio...
CVE-2026-53466
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been...
CVE-2026-55577
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in...
CVE-2026-55594 ImageMagick: Stack Overflow in MVG decoder due to missing depth check.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and...
CVE-2026-55594
ImageMagick (MVG decoder) is affected by a stack overflow in the MVG decoder due to a missing depth check when processing a crafted image. This affects versions prior to 6.9.13-51 and 7.1.2-26. The issue has been fixed in 6.9.13-51 and 7.1.2-26. According to the CVE entry, the assigned CVSS score...
CVE-2026-53467
ImageMagick’s CVE-2026-53467 affects the MNG decoder. Prior to 6.9.13-51 and 7.1.2-26, the decoder can disclose heap information because part of the pixels are left unchanged. Fixed in 6.9.13-51 and 7.1.2-26. Affected software: ImageMagick (Image editing/manipulation tool); component: MNG decoder...
CVE-2026-53467
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versio...
CVE-2026-53466
ImageMagick is affected by CVE-2026-53466 due to a heap buffer over-read in the XCF image decoder caused by an integer conversion overflow. A crafted XCF image can trigger an out-of-bounds read, potentially leading to a crash. Affected versions are prior to 6.9.13-51 and 7.1.2-26; the issue has b...