Lucene search
910 matches found

OSV
added 2026/02/27 8:13 p.m. | 1 view

CVE-2026-28231 pillow_heif Has Integer Overflow in Encode Path Buffer Validation that Leads to Heap Out-of-Bounds Read

pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of pillowheif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...

CVSS: 6.9 | AI score: 6.1 | EPSS: 0.00029
Exploits: 1 | References: 5
Vulnrichment
added 2026/02/27 8:13 p.m. | 1 view

CVE-2026-28231 pillow_heif Has Integer Overflow in Encode Path Buffer Validation that Leads to Heap Out-of-Bounds Read

pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of pillowheif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...

CVSS: 6.9 | AI score: 6.1 | EPSS: 0.00029
Exploits: 1 | References: 3
EUVD
added 2026/02/27 8:13 p.m. | 0 views

EUVD-2026-9061

pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of pillowheif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...

CVSS: 6.9 | AI score: 6.1 | EPSS: 0.00029
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/27 12:00 a.m. | 3 views

PT-2026-22391

Name of the Vulnerable Software and Affected Versions: pillow heif versions prior to 1.3.0. Description: An integer overflow in the encode path buffer validation within pillow heif.c allows an attacker to bypass bounds checks by providing large image dimensions. This can lead to a heap out-of-bounds...

CVSS: 6.9 | AI score: 6.1 | EPSS: 0.00029
Exploits: 1 | References: 7
Snyk
added 2026/02/25 9:17 a.m. | 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the handling of URLs containing percent-encoded slashes in the UNSAFEPERCENTENCODE parameter in wcurl wrapper. An attacker can cause files to be saved outside of the intended directory by supplying specially...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.0002
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/12 12:00 a.m. | 2 views

CVE-2025-67432

A stack overflow in the ZBarcodeEncode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input...

AI score: 5.5 | EPSS: 0.00059
Exploits: 0 | References: 2
CNNVD
added 2026/02/12 12:00 a.m. | 2 views

Monkeybread MBS DynaPDF Plugin Security Vulnerability

The Monkeybread MBS DynaPDF Plugin is a PDF processing component developed by the Monkeybread company. Version 21.3.1.1 of the Monkeybread MBS DynaPDF Plugin contains a security vulnerability. This vulnerability stems from a stack overflow issue in the ZBarcodeEncode function, which may lead to a...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00059
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/12 12:00 a.m. | 1 view

PT-2026-7889

Name of the Vulnerable Software and Affected Versions: Monkeybread Software MBS DynaPDF Plugin version 21.3.1.1. Description: A stack overflow exists in the ZBarcode Encode function. This issue allows attackers to cause a Denial of Service (DoS) by providing a crafted input. Recommendations: Update to ...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00059
Exploits: 0 | References: 5
Cvelist
added 2026/02/12 12:00 a.m. | 21 views

CVE-2025-67432

A stack overflow in the ZBarcodeEncode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input...

EPSS: 0.00059
Exploits: 0 | References: 2
SUSE CVE
added 2026/02/05 12:25 a.m. | 3 views

SUSE CVE-2026-23064

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref. tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 SMP KASAN NOP...

CVSS: 4.4 | AI score: 5.1 | EPSS: 0.00018
Exploits: 0 | References: 20
UbuntuCve
added 2026/02/04 5:16 p.m. | 2 views

CVE-2026-23064

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref. tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 SMP KASAN NOP...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00018
Exploits: 0 | References: 25
OSV
added 2026/02/04 5:16 p.m. | 1 view

UBUNTU-CVE-2026-23064

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref. tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 SMP KASAN NOP...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00018
Exploits: 0 | References: 26
Cvelist
added 2026/02/04 4:07 p.m. | 23 views

CVE-2026-23064 net/sched: act_ife: avoid possible NULL deref

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref. tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 SMP KASAN NOP...

EPSS: 0.00018
Exploits: 0 | References: 7
ATTACKERKB
added 2026/02/04 4:07 p.m. | 2 views

CVE-2026-23064

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref. tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 SMP KASAN NOP...

AI score: 5.1 | EPSS: 0.00018
Exploits: 0 | References: 8 | Affected Software: 1
EUVD
added 2026/02/04 4:07 p.m. | 3 views

EUVD-2026-5480

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref. tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 SMP KASAN NOP...

AI score: 5.1 | EPSS: 0.00018
Exploits: 0 | References: 4
CVE
added 2026/02/04 4:07 p.m. | 8 views

CVE-2026-23064

CVE-2026-23064 affects the Linux kernel’s net/sched implementation, specifically the act_ife action. The vulnerability is a NULL pointer dereference in tcf_ife_encode()/ife_encode() that could trigger a general protection fault/oops when a NULL is encountered. The provided trace shows the fault p...

CVSS: 5.5 | AI score: 5.1 | EPSS: 0.00018
Exploits: 0 | References: 7 | Affected Software: 1
Tenable Nessus
added 2026/01/27 12:00 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005131)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005131 advisory. In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access. syzbot reported an issue in ppp_async_encode() [1]. In this case,...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00006
Exploits: 0 | References: 3
Snyk
added 2026/01/27 12:00 a.m. | 1 view

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write via the g_base64_encode_close function. An attacker can cause memory corruption or application crashes by providing excessively large or untrusted input data. Remediation: A fix was pushed into the master branch but not...

CVSS: 8.1 | AI score: 5.9 | EPSS: 0.00019
Exploits: 1 | References: 4
OSV
added 2026/01/22 2:36 p.m. | 1 view

SUSE-SU-2026:20156-1 Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues:
- CVE-2025-7345: heap buffer overflow in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib g_base64_encode_step (bsc#1246114).
- CVE-2025-6199: uninitialized memory could lead to leak arbitrary memory contents...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00938
Exploits: 0 | References: 5
OSV
added 2026/01/22 2:36 p.m. | 1 view

SUSE-SU-2026:20128-1 Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues:
- CVE-2025-7345: heap buffer overflow in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib g_base64_encode_step (bsc#1246114).
- CVE-2025-6199: uninitialized memory could lead to leak arbitrary memory contents...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00938
Exploits: 0 | References: 5