CVE-2026-46599 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

GO-2026-5032 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

RLSA-2026:19142 Moderate: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Denial of service via heap use-after-free during...

OESA-2026-2503 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

[SECURITY] Fedora 43 Update: perl-Sereal-Decoder-5.005-1.fc43

This library implements a deserializer for an efficient, compact-output, and feature-rich binary protocol called Sereal...

[SECURITY] Fedora 44 Update: jpegxl-0.11.2-1.fc44

This package contains a reference implementation of JPEG XL encoder and decoder...

[SECURITY] Fedora 44 Update: perl-Sereal-5.005-1.fc44

Sereal is an efficient, compact-output, binary and feature-rich serialization protocol. The Perl encoder is implemented as the Sereal::Encoder module, the Perl decoder correspondingly as Sereal::Decoder. This Sereal module is a very thin wrapper around both Sereal::Encoder and Sereal::Decoder. It...

Fedora 44 : perl-Sereal / perl-Sereal-Decoder / perl-Sereal-Encoder (2026-26bb3fe2c6)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-26bb3fe2c6 advisory. This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer. Tenable has extracted the preceding descriptio...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-46597)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-46597 advisory. - An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM pack...

PT-2026-44989

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp bitmap decompress planar validates the X destination coordinate nXDst against the...

PT-2026-44992

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The TIFF decoder fails to impose a limit on the size of PackBits-compressed data. This allows a maliciously crafted image, even one with small pixel dimensions a...

📄 ImageMagick 7.x Denial of Service

ImageMagick versions 7.x suffer from an infinite loop issue in the MIFF decoder that can lead to CPU exhaustion. Exploit Title: ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion Google Dork: N/A Date: 2026-05-13 Exploit Author: Jose Rivas bl4cksku11 & Zero Trust Offsec...

Avro 资源管理错误漏洞

Avro is a fast Go Avro decoder developed by hamba. Versions prior to 2.33.0 contained a resource management vulnerability. This vulnerability stemmed from the Avro array and mapping decoders’ tendency to loop through a counter controlled by the attacker without checking the error status of the...

FreeRDP 缓冲区错误漏洞

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained a buffer error vulnerability. This vulnerability stemmed from the plane bitmap decoder’s inability to prevent out-of-bounds write-ups during RLE plane data decoding...

Fedora 43 : perl-Sereal / perl-Sereal-Decoder / perl-Sereal-Encoder (2026-49c4be8260)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-49c4be8260 advisory. This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer. Tenable has extracted the preceding descriptio...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the lack of restrictions on the size of PackBits compressed data. This vulnerability...

ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion

Exploit Title: ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion Google Dork: N/A Date: 2026-05-13 Exploit Author: Jose Rivas bl4cksku11 & Zero Trust Offsec Vendor Homepage: https://imagemagick.org/ Software Link: https://imagemagick.org/download/ Version: ImageMagick 7.x...

Linux Distros Unpatched Vulnerability : CVE-2026-49127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows...

Avro 输入验证错误漏洞

Avro is a fast Go Avro decoder developed by hamba. Versions prior to Avro 2.33.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from multiple Avro decoder paths reading 64-bit values controlled by an attacker and truncating or using overflow signed intege...

CVE-2026-46199

A flaw was found in the Linux kernel's drm/amdgpu/vcn4 component. This vulnerability allows an attacker to trigger an out-of-bounds OOB read when parsing decoder messages due to insufficient bounds checking. This could lead to information disclosure, potentially revealing sensitive data from memo...