20 matches found

RedhatCVE
added 2026/01/29 3:26 a.m., 3 views

CVE-2026-24783

soroban-fixed-point-math is a fixed-point math library for Soroban smart contracts. In versions 1.3.0 and 1.4.0, the mulDiv(x, y, z) function incorrectly handled cases where both the intermediate product $x y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was...

7.5 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 1
Github Security Blog
added 2026/01/28 4:18 p.m., 7 views

soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives

Impact: Incorrect rounding direction for signed mul and div operations. The mulDiv(x, y, z) function incorrectly handled cases where both the intermediate product $x y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was negative, the final result must also be...

7.5 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 6, Affected Software 1
OSV
added 2026/01/28 4:18 p.m., 2 views

GHSA-X5M4-43JF-HH65 soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives

Impact: Incorrect rounding direction for signed mul and div operations. The mulDiv(x, y, z) function incorrectly handled cases where both the intermediate product $x y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was negative, the final result must also be...

7.5 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 6
EUVD
added 2026/01/28 4:18 p.m., 2 views

EUVD-2026-4710

soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives...

7.5 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 5
Vulnrichment
added 2026/01/27 10:4 p.m., 1 views

CVE-2026-24783 soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives

soroban-fixed-point-math is a fixed-point math library for Soroban smart contracts. In versions 1.3.0 and 1.4.0, the mulDiv(x, y, z) function incorrectly handled cases where both the intermediate product $x y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was...

7.5 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 4
CVE
added 2026/01/27 10:4 p.m., 6 views

CVE-2026-24783

The CVE-2026-24783 issue in soroban-fixed-point-math causes incorrect rounding in mulDiv when both the intermediate product and the divisor are negative, affecting signed FixedPoint implementations (i64, i128, I256) in versions 1.3.0 and 1.4.0. A patch exists in v1.3.1 and v1.4.1; every version &...

7.5 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2026/01/27 10:4 p.m., 23 views

CVE-2026-24783 soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives

soroban-fixed-point-math is a fixed-point math library for Soroban smart contracts. In versions 1.3.0 and 1.4.0, the mulDiv(x, y, z) function incorrectly handled cases where both the intermediate product $x y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was...

7.5 CVSS, 0.00017 EPSS
Exploits 0, References 4
ATTACKERKB
added 2026/01/27 10:4 p.m., 4 views

CVE-2026-24783

soroban-fixed-point-math is a fixed-point math library for Soroban smart contracts. In versions 1.3.0 and 1.4.0, the mulDiv(x, y, z) function incorrectly handled cases where both the intermediate product $x y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was...

7.5 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 5
OSV
added 2026/01/27 10:4 p.m., 2 views

CVE-2026-24783 soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives

soroban-fixed-point-math is a fixed-point math library for Soroban smart contracts. In versions 1.3.0 and 1.4.0, the mulDiv(x, y, z) function incorrectly handled cases where both the intermediate product $x y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was...

7.5 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 6
Positive Technologies
added 2026/01/27 12:0 a.m., 3 views

PT-2026-5030

Name of the Vulnerable Software and Affected Versions: soroban-fixed-point-math versions 1.3.0 through 1.4.0. Description: The mulDiv(x, y, z) function in soroban-fixed-point-math incorrectly handles cases where both the intermediate product x y and the divisor z are negative. The logic incorrectly...

7.5 CVSS, 6 AI score, 0.00017 EPSS
Exploits 0, References 9
CNNVD
added 2026/01/27 12:0 a.m., 1 views

soroban-fixed-point-math security vulnerability

Soroban-Fixed-Point-Math is an open-source mathematical computing library by Script3. Versions 1.3.0 and 1.4.0 of Soroban-Fixed-Point-Math have security vulnerabilities. These vulnerabilities stem from improper handling of negative intermediate products and negative divisors in the mulDiv...

7.5 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2019-2089

Malware in sbrugna...

5.5 CVSS, 5.7 AI score, 0.00164 EPSS
Exploits 1, References 3
OSV
added 2024/05/20 10:15 a.m., 0 views

DEBIAN-CVE-2024-35985

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf(). It was possible to have pick_eevdf() return NULL, which then causes a NULL-deref. This turned out to be due to entity_eligible() returning falsely negative because of ...

5.5 CVSS, 5.6 AI score, 0.00018 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/05/20 9:47 a.m., 10 views

CVE-2024-35985 sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf(). It was possible to have pick_eevdf() return NULL, which then causes a NULL-deref. This turned out to be due to entity_eligible() returning falsely negative because of ...

6.7 AI score, 0.00018 EPSS
Exploits 0, References 3
Code423n4
added 2023/11/17 12:0 a.m., 11 views

D.O.S due to wrong scaling factor

Lines of code Vulnerability details Impact The cNote token which is a fork of the CToken contract has a scaling method used to handle the exchange rate between CToken and the underlying token. This method helps scale the exchange rate because Solidity doesn't handle fixed-point decimals. The...

7 AI score
Exploits 0
Code423n4
added 2023/11/17 12:0 a.m., 8 views

Pricing inconsistencies introduced via rounding/truncation errors

Lines of code Vulnerability details Impact Calculating share/token prices via bonding curves which involve mathematical operations like logs and divisions can introduce small rounding errors each time. Over many transactions, these errors could accumulate and lead to pricing inconsistencies that...

7 AI score
Exploits 0
Code423n4
added 2023/11/15 12:0 a.m., 4 views

Decimal Precision Issue in Price Calculations

Lines of code Vulnerability details Impact The getRSETHPrice function performs calculations like multiplying prices by amounts without considering the token decimals. This can cause errors to accumulate over multiple calculations. Ignoring token decimals when performing price calculations can caus...

7.1 AI score
Exploits 0
Huntr
added 2022/06/29 3:36 p.m., 25 views

Integer Overflow in function lsr_translate_coords

Description Integer Overflow in function lsr_translate_coords at laser/lsrdec.c:853 gpac version git log commit ea3af7c8242d1a82657dc3a518df5a5b1b5e27ed HEAD - master, origin/master, origin/HEAD Author: Romain Bouqueau Date: Tue Jun 28 19:25:58 2022 +0200 POC ./MP4Box -bt ./pocintof1s.dat...

4.4 CVSS, 0.1 AI score, 0.00059 EPSS
Exploits 1
OpenVAS
added 2020/03/18 12:0 a.m., 10 views

Linux: Read /etc/ntp.conf (KB)

The ntpd program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol NTP version 4, but also retains compatibility with version 3, as defined by RFC-1305, and...

6.8 AI score
Exploits 0, References 1
UbuntuCve
added 2017/03/07 12:0 a.m., 17 views

CVE-2017-5407

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information...

6.5 CVSS, 6.8 AI score, 0.01045 EPSS
Exploits 1, References 4