Sereal::Decoder 安全漏洞

Sereal::Decoder is a decoding module developed by YVES’s individual developers, designed for parsing high-performance binary serialization data formats. Versions 4.000 to 4.009002 of Sereal::Decoder contain security vulnerabilities. These vulnerabilities stem from a buffer out-of-bounds write fla...

Fedora: Security Advisory (FEDORA-2026-3572f7e01c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2026-29320

Name of the Vulnerable Software and Affected Versions aws-c-event-stream versions prior to 0.6.0 Description A flaw exists in the streaming decoder component of aws-c-event-stream that could allow a third party operating a server to cause memory corruption, potentially leading to arbitrary code...

aws-c-event-stream 安全漏洞

aws-c-event-stream is a C language implementation library for the event stream protocol, open-sourced by Amazon Web Services - Labs. Versions of aws-c-event-stream prior to 0.6.0 contain security vulnerabilities. These vulnerabilities stem from out-of-bounds writing in the stream decoder componen...

CVE-2026-33977

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...

CVE-2026-33977 FreeRDP: DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...

Amazon Linux 2023 : libde265, libde265-devel (ALAS2023-2026-1477)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1477 advisory. strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decodercontext::computeframedroptable. CVE-2025-61147 Tenable has extracted the preceding description...

CVE-2026-33977

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...

SUSE CVE-2026-32284

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

CVE-2026-32284 Denial of service in github.com/shamaton/msgpack

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

CVE-2026-32284

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

CVE-2026-32284

The CVE-2026-32284 is a denial-of-service risk in the msgpack decoder (github.com/shamaton/msgpack) caused by insufficient validation of input buffer length for truncated fixext data (format codes 0xd4–0xd8), leading to an out-of-bounds read and a runtime panic. Public sources from NVD/SUSE indic...

EUVD-2026-16343

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

CVE-2026-33636

CVE-2026-33636 targets the libpng library. In libpng versions 1.6.36–1.6.55, an ARM/AArch64 Neon-optimized palette expansion path permits an out-of-bounds read and an out-of-bounds write when expanding 8-bit paletted rows to RGB/RGBA. The Neon loop processes a final partial chunk without verifyin...

openexr -- multiple vulnerabilities

Cary Phillips reports: OpenEXR 3.4.9 addresses the following CVEs: CVE-2026-34589 DWA Lossy Decoder Heap Out-of-Bounds Write CVE-2026-34588 Signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write CVE-2026-34380 Signed integer overflow undefined behavior in undopxr24impl may allow bounds-che...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the tiff decoder. An attacker can trigger excessive memory allocation by submitting a specially crafted TIFF file, potentially leading to resource exhaustion or denial of service...

OPENSUSE-SU-2026:20420-1 Security update for ffmpeg-7

This update for ffmpeg-7 fixes the following issues: - Updated to version 7.1.2: avcodec/librsvgdec: fix compilation with librsvg 2.50.3 libavfilter/affirequalizer: Add check for avmallocarray avcodec/libsvtav1: unbreak build with latest svtav1 avformat/hls: Fix Youtube AAC Various bugfixes...

SUSE-SU-2026:20932-1 Security update for ffmpeg-7

This update for ffmpeg-7 fixes the following issues: - Updated to version 7.1.2: avcodec/librsvgdec: fix compilation with librsvg 2.50.3 libavfilter/affirequalizer: Add check for avmallocarray avcodec/libsvtav1: unbreak build with latest svtav1 avformat/hls: Fix Youtube AAC Various bugfixes...

CLSA-2026-1774370188 Fix CVE(s): CVE-2026-25970

SECURITY UPDATE: signed 32-bit integer overflow in SIXEL decoder; buffer reallocation overflow leading to memory corruption and denial of service - debian/patches/CVE-2026-25970.patch: Fix out-of-bounds write; Rename misnamed position variables and adjust index arithmetic and casts using signed...

EUVD-2019-20008

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-R...