Lucene search

5938 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in qpdf

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails...

CVSS 5.5 | AI score 6 | EPSS 0.00079
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in qpdf

An issue was discovered in QPDF version 10.0.4 that allows remote attackers to execute arbitrary code via a crafted .pdf file to the Pl_ASCII85Decoder::write parameter in libqpdf...

CVSS 5.3 | AI score 6.2 | EPSS 0.00302
Exploits: 1 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in alsa-lib

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1 function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it...

CVSS 4.6 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 1
AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in libstb

STBVorbis is a single-file library licensed under MIT that processes OGG Vorbis files. A maliciously crafted file may cause memory writes to exceed the allocated heap buffer in startdecoder. The root cause of this issue is a potential integer overflow in sizeofchar f-commentlistlength, which may...

CVSS 7.8 | AI score 7.4 | EPSS 0.00049
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in dcmtk

A vulnerability has been discovered in DCMTK 3.6.9. It has been classified as critical. This vulnerability affects unknown code within the dcmjpls JPEG-LS Decoder component. The vulnerability leads to memory corruption. The attack can be initiated remotely. The exploit has been made public and ma...

CVSS 7.5 | AI score 6.3 | EPSS 0.00168
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Media: MediTech; vcodec: Handle invalid decoder vsi This issue addresses the handling of an invalid decoder vsi in vpudecinit, ensuring that the decoder vsi is valid for future use...

CVSS 5.5 | AI score 6 | EPSS 0.00016
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in dav1d

An integer overflow occurs in the dav1d AV1 decoder, which can happen when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to a version later than 1.4.0 of dav1d...

CVSS 8.8 | AI score 7 | EPSS 0.00584
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 6 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Media: MediTech: vcodec: Fixed an oops when HEVC initialization fails The stateless HEVC decoder saves the instance pointer in the context, regardless of whether the initialization succeeded or not. This caused a use-after-fre...

CVSS 7.8 | AI score 6.4 | EPSS 0.00019
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in faad2

An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. This vulnerability causes a segmentation fault and an application crash, resulting in a denial of service...

CVSS 5.5 | AI score 6.7 | EPSS 0.00479
Exploits: 1 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 1 views

Astra Linux - vulnerability in faad2

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c...

CVSS 7.1 | AI score 7.3 | EPSS 0.00339
Exploits: 1 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in python3.7, python2.7

An issue was discovered in Python before version 3.11.1. An unnecessary quadratic algorithm exists in one path when processing certain inputs to the IDNA (RFC 3490) decoder. This can lead to excessive CPU usage when a maliciously crafted, unreasonably long hostname is provided to the decoder...

CVSS 7.5 | AI score 6.9 | EPSS 0.0013
Exploits: 1 | References: 2
GithubExploit
added 2026/05/03 12:10 p.m. | 64 views

Exploit for Integer Overflow or Wraparound in Zeromq Libzmq

CVE-2019-6250 — libzmq pre-auth RCE lab ...

CVSS 9 | AI score 7.5 | EPSS 0.15595
Exploits: 2
OSV
added 2026/05/03 9:57 a.m. | 10 views

OESA-2026-2178 musl security update

musl is an implementation of the C standard library built on top of the Linux system call API, including interfaces defined in the base language standard, POSIX, and widely agreed-upon extensions. It is lightweight, fast, simple, free, and strives to be correct in the sense of standards conforman...

CVSS 8.1 | AI score 5.4 | EPSS 0.0002
Exploits: 1 | References: 3
GithubExploit
added 2026/04/30 5:58 p.m. | 83 views

Exploit for Path Traversal in Apktool

CVE-2026-39973-PoC This is a small C apk file builder for CV...

CVSS 7.1 | AI score 5.6 | EPSS 0.00006
Exploits: 1
OSV
added 2026/04/30 4:54 p.m. | 0 views

OPENSUSE-SU-2026:20657-1 Security update for freerdp

This update for freerdp fixes the following issues: Update to version 3.24.2. Security issues fixed: - CVE-2026-25941: out-of-bounds read in the FreeRDP client RDPGFX channel bsc1258919. - CVE-2026-25942: buffer overflow of global array in xfrailserverexecuteresult bsc1258920. - CVE-2026-25952:...

CVSS 9.8 | AI score 6.1 | EPSS 0.00164
Exploits: 19 | References: 56
Veracode
added 2026/04/30 7:25 a.m. | 4 views

Improper Authentication

org.springframework.security:spring-security-oauth2-jose is vulnerable to Improper Authentication. The vulnerability is due to missing configuration of a JWT validator when using NimbusJwtDecoder or NimbusReactiveJwtDecoder, which allows an attacker to bypass token validation with crafted JWTs...

CVSS 6.5 | AI score 5.2 | EPSS 0.00075
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2026/04/30 12:0 a.m. | 3 views

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1640)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1640 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could...

CVSS 7.5 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 4
OSV
added 2026/04/29 2:35 p.m. | 1 views

OPENSUSE-SU-2026:20652-1 Security update for openexr

This update for openexr fixes the following issues: - CVE-2026-40244: integer overflow in DWA setupChannelData planarUncRle pointer arithmetic bsc1262426. - CVE-2026-40250: integer overflow in DWA decoder outBufferEnd pointer arithmetic bsc1262425...

CVSS 8.4 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 4
OSV
added 2026/04/29 1:21 p.m. | 5 views

JLSEC-2026-328

A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...

CVSS 7.8 | AI score 5.3 | EPSS 0.00042
Exploits: 1 | References: 4
Tenable Nessus
added 2026/04/29 12:0 a.m. | 1 views

TencentOS Server 2: ImageMagick (TSSA-2026:0256)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0256 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

CVSS 8.1 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 3