CVE-2026-30873

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

Important: mingw-fontconfig security update

MinGW Windows Fontconfig library. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375 For more details about the security issues, including the impact, a CVSS score, acknowledgments...

Security Bulletin: Vulnerability in expat affects IBM Netezza Appliance

Summary The expat package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-59375 Vulnerability Details CVEID:CVE-2025-59375 DESCRIPTION: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small docume...

EUVD-2017-9404

Malware in sbrugna...

EUVD-2023-30081

Malicious code in bioql PyPI...

CVE-2023-22551

The FTP aka "Implementation of a simple FTP client and server" project through 96c1a35 allows remote attackers to cause a denial of service memory consumption by engaging in client activity, such as establishing and then terminating a connection. This occurs because malloc is used but free is not...

CVE-2022-49902 block: Fix possible memory leak for rq_wb on add_disk failure

In the Linux kernel, the following vulnerability has been resolved: block: Fix possible memory leak for rqwb on adddisk failure kmemleak reported memory leaks in deviceadddisk: kmemleak: 3 new suspected memory leaks unreferenced object 0xffff88800f420800 size 512: comm "modprobe", pid 4275, jiffi...

CVE-2024-56695

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfdgetcuoccupancy' The kfdgetcuoccupancy function previously declared a large cuoccupancy array as a local variable, which could lead to stack overflows due to excessi...

CVE-2024-56695

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfdgetcuoccupancy' The kfdgetcuoccupancy function previously declared a large cuoccupancy array as a local variable, which could lead to stack overflows due to excessi...

CVE-2024-56695

CVE-2024-56695 affects the Linux kernel’s AMDGPU/KFD subsystem. The vulnerability arose from a large local cu_occupancy array in kfd_get_cu_occupancy(), risking stack overflow when AMDGPU_MAX_QUEUES is large. The fix replaces the static stack allocation with dynamic memory via kcalloc and ensures...

CVE-2024-56695 drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()'

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfdgetcuoccupancy' The kfdgetcuoccupancy function previously declared a large cuoccupancy array as a local variable, which could lead to stack overflows due to excessi...

Linux Foundation Decentralized Trust: Memory Leak in bytes_to_hexstring Function

The function bytestohexstring was found to have a memory leak vulnerability. The function dynamically allocated memory using malloc but did not provide a way for the caller to free the allocated memory. This could lead to an increase in the program's memory consumption over time, potentially...

CVE-2024-35943

The CVE-2024-35943 entry pertains to the Linux kernel, specifically a vulnerability in TI-related pmdomain handling where omap_prm_domain_init lacked a null-pointer check after a dynamic allocation. The issue arises because devm_kasprintf() can return NULL on allocation failure, and without verif...

Design/Logic Flaw

An issue was discovered in the Connected Vehicle Systems Alliance COVESA; formerly GENIVI dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c...

CVE-2023-22410

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service DoS. Devices are only vulnerable when the Suspicious Control Flow...

ROS-20220920-01

The grubscriptfunctioncreate function of the Grub configuration file has a vulnerability due to a function override error. function override error while this function is already executed. Exploitation of the vulnerability allows an attacker to gain access to confidential data, compromise its...

CVE-2017-18277

When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD...

CVE-2017-18277

When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD...

CVE-2017-18277

CVE-2017-18277 describes a memory allocation failure in Qualcomm closed‑source components (Snapdragon Auto/Mobile/Wear) across multiple SD/SoC generations (e.g., SD 210/212/205, 625, 650, 810, 820, 835; MDM9xxx, QCN5502, etc.). The bug behavior is that when dynamic memory allocation fails, the pr...

Analysis of the Linux heap overflow of fastbin-vulnerability warning-the black bar safety net

Some time ago to participate in the RCTF match, encountered a stack overflow topic shaxian it. The vulnerability itself is quite obvious, but due to a heap overflow is not familiar, have not been able to find the use of the method. After reading Fudan University six star clan it is, only know it...