A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby

Posted by Natalie Silvanovich Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to...

MiracleLinux 3 : kdegraphics-3.5.5-3.5AXS3 (AXSA:2009-416:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-416:01 advisory. The KDE Graphics is a metapackage of graphics related applications and libraries for use with the K Desktop Environment. Security bugs fixed with thi...

MiracleLinux 3 : libtiff-3.8.2-7.2 (AXSA:2008-91:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-91:01 advisory. The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file format for...

MiracleLinux 3 : poppler-0.5.4-4.4.9.1AXS3 (AXSA:2009-56:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-56:01 advisory. Poppler, a PDF rendering library, it's a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. Fixed bugs: CVE-2009-0146...

Huawei EulerOS: Security Advisory for librsvg2 (EulerOS-SA-2026-1051)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 3 : tetex-3.0-33.8.5.0.1.AXS3 (AXSA:2010-276:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-276:02 advisory. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a...

Huawei EulerOS: Security Advisory for librsvg2 (EulerOS-SA-2026-1030)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 7 : gstreamer1-plugins-base-1.10.4-2.0.2.el7.AXS7 (AXSA:2025-11109:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11109:02 advisory. CVE-2024-47538: fix stack-buffer overflow in vorbishandleidentificationpacket function by limiting writing beyond boundaries of position array CVEs...

MiracleLinux 7 : ImageMagick-6.9.10.68-7.0.7.el7.AXS7 (AXSA:2025-11533:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11533:04 advisory. CVE-2025-62171: add overflow check before calculating extent in the BMP decoder CVEs: CVE-2025-62171 ImageMagick is an open source software suite for...

Security update for python-cbor2 (moderate)

openSUSE Security Update: Security update for python-cbor2 Announcement ID: openSUSE-SU-2026:0009-1 Rating: moderate References: 1255783 Cross-References: CVE-2025-68131 CVSS scores: CVE-2025-68131 SUSE: 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: openSU...

CVE-2018-14072

libsixel 1.8.1 has a memory leak in sixeldecoderdecode in decoder.c, imagebufferresize in fromsixel.c, and sixeldecoderaw in fromsixel.c...

CVE-2018-9383

In asn1berdecoder of asn1decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2021-0674

In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237...

CVE-2022-37769

libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted file...

CVE-2020-24074

The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow...

CVE-2020-24753

A memory corruption vulnerability in Objective Open CBOR Run-time oocborrt in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation CBOR input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings...

CVE-2024-41131

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9...

CLSA-2026-1767700458 python3: Fix of CVE-2025-4516

CVE-2025-4516: use-after-free in unicode-escape decoder with custom error handlers...

CLSA-2026-1767700070 python3: Fix of CVE-2025-4516

CVE-2025-4516: use-after-free in unicode-escape decoder with custom error handlers...

SUSE CVE-2025-65942

VictoriaMetrics is a scalable solution for monitoring and managing time series data. In versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1, affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics...