31 matches found
CVE-2026-32740
libheif (HEIF/AVIF decoder/encoder) versions
OESA-2026-2165 opencryptoki security update
openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...
CVE-2026-31963
A flaw was found in HTSlib, a library for reading and writing bioinformatics file formats. When processing CRAM Compressed Reference-oriented Alignment Map files, an out-by-one error in feature decoding can cause a heap buffer overflow. This vulnerability allows an attacker to craft a malicious...
CVE-2026-31969
HTSlib CRAM decoding bug: a heap buffer overflow in cram_byte_array_stop_decode_char() when decoding BYTE_ARRAY_STOP can write an attacker-controlled byte past a heap allocation. This arises from an out-by-one check in the full output buffer. Consequence could be program crash, data/heap-structur...
CVE-2026-31964 HTSlib CRAM decoder has a NULL Pointer Dereference
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format also allows them to om...
EUVD-2026-12923
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit this data in certain cases to save space. Due to...
Linux Distros Unpatched Vulnerability : CVE-2026-31962
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most...
curl: MQTT Protocol Violation & Integer Overflow in libcurl
Executive Summary Vulnerability Type: CWE-190 Component: lib/mqtt.c Function: mqttdecodelen Affected Architectures: - All architectures: Protocol non-compliance leading to stream desynchronization - 32-bit architectures: Deterministic integer overflow in length decoding libcurl does not correctly...
openSUSE 16 Security Update : python-cbor2 (openSUSE-SU-2025-20133-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20133-1 advisory. - CVE-2025-64076: Fixed bug in decodedefinitelongstring that causes incorrect chunk length calculation bsc1253746. Already fixed in release 5.6....
CVE-2025-59731
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, we decompress and decode into the buffer td-rlerawdata of size rlerawsize a...
Linux Distros Unpatched Vulnerability : CVE-2024-6162
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises becau...
CVE-2024-39312 Botan has an Authorization Error due to Name Constraint Decoding Bug
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtree...
CVE-2024-39312 Botan has an Authorization Error due to Name Constraint Decoding Bug
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtree...
DEBIAN-CVE-2024-26851
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: Add protection for bmp length out of range UBSAN load reports an exception of BRK5515 SHIFTISSUE:Bitwise shifts that are out of bounds for their data type. vmlinux getbitmapb=75 + 712 vmlinux...
undertow: url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...
SUSE CVE-2022-28048
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbijpegdecodeblockprogac...
CVE-2022-23570 Null-dereference in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...
UBUNTU-CVE-2021-36409
There is an Assertion scalinglistpredmatrixiddelta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service DoS by running the application with a crafted file or possibly have unspecified other impact...
UBUNTU-CVE-2021-27918
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...
UBUNTU-CVE-2019-13626
SDL Simple DirectMedia Layer 2.x through 2.0.9 has a heap-based buffer over-read in FillIMAADPCMblock, caused by an integer overflow in IMAADPCMdecode in audio/SDLwave.c...