CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

EUVD-2026-18060

OpenEXR: integer overflow to OOB write in uncompressb44impl...

USN-7954-2: Libtasn1 vulnerabilities

USN-7954-1 fixed vulnerabilities in Libtasn1. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-46848 only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was...

JLSEC-2025-136 In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vu...

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in...

FFmpeg 安全漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg version n6.1.1, which can be exploited by attackers to cause undefined behavior or a crash during decoding...

MGASA-2024-0036 Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

PKCS12 Decoding crashes

...

SUSE CVE-2020-5235

There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PBENABLEMALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc runs out of memory when expanding the array nanopb can end...

UBUNTU-CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...

SUSE-SU-2015:1383-1 Security update for libqt5-qtbase

This security update fixes the following issues: Add libqt5-Fix-a-division-by-zero-processing-malformed-BMP.patch - QTBUG-44547, bsc921999 CVE-2015-0295 Add libqt5-Fixes-crash-in-bmp-and-ico-image-decoding.patch - bsc927806 CVE-2015-1858, bsc927807 CVE-2015-1859 Add...

Mozilla Base64 decoding crash

Multiple integer overflows in the 1 PLBase64Decode and 2 PLBase64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash...

Fedora 10 : libtiff-3.8.2-13.fc10 (2009-7358)

Fixes latest libtiff LZW decoding crash problem Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...