OSV-2026-886 Heap-buffer-overflow in ihevcd_fmt_conv

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=520748344 Crash type: Heap-buffer-overflow WRITE 8 Crash state: ihevcdfmtconv ihevcddecode Codec::decodeFrame...

SUSE CVE-2026-46210

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmtsrc during MBPF check During concurrency testing, multiple instances can run in parallel, and each instance uses its own inst-lock while the core-lock protects the list of active instances. T...

PT-2026-44333

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the iris media driver. A race condition occurs because the inst-lock protects individual instance internals while the core-lock protects the active instance...

OSV-2026-805 Heap-buffer-overflow in ihevcd_fmt_conv

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515832483 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcdfmtconv ihevcddecode ihevcdcxaapifunction...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: vivid: Changed the size of the composition Syzkaller discovered a bug: BUG: KASAN: Out-of-bounds access to memory during tpgfillplanepattern in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 inline BUG: KASAN:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fixed a null-point-dereference issue in fmtsinglename. Check the return value of devmkstrdup in case of null-point-dereference...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: rust: cargo-1.95.0-5.hum1 aarch64, x8664 clippy-1.95.0-5.hum1 aarch64, x8664 rust-1.95.0-5.hum1 aarch64, x8664 rust-analyzer-1.95.0-5.hum1 aarch64, x8664 rust-debugger-common-1.95.0-5.hum1 noarch...

JLSEC-2026-447

Buffer Overflow vulnerability in fmtentry function in progs/dumpentry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command...

JLSEC-2026-448

Buffer Overflow vulnerability in fmtentry function in progs/dumpentry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command...

NewStart CGSL MAIN 6.06 (SP) : ncurses Multiple Vulnerabilities (NS-SA-2026-0020)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has ncurses packages installed that are affected by multiple vulnerabilities: - In ncurses 6.0, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...

OSV-2026-244 Use-of-uninitialized-value in ihevcd_fmt_conv

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=484466027 Crash type: Use-of-uninitialized-value Crash state: ihevcdfmtconv ihevcdprocessthread...

Malicious code in debug-fmt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 049bf4db6a598df3cc4db93a71b765670e9b94be0c835ae183fd91c13fe99d8b The package debug-fmt was found to contain malicious code. Source: ghsa-malware 1f7e76c50ec40bd53847463f61469ebfb4691c221c290d98fed82736214216cc Any...

Malicious Package

Overview debug-fmt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

MAL-2026-566 Malicious code in debug-fmt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 049bf4db6a598df3cc4db93a71b765670e9b94be0c835ae183fd91c13fe99d8b The package debug-fmt was found to contain malicious code. Source: ghsa-malware 1f7e76c50ec40bd53847463f61469ebfb4691c221c290d98fed82736214216cc Any...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38226)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38226 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: vivid: Change the siize of the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003785)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003785 advisory. In the Linux kernel through 5.3.8, f-fmt.sdr.reserved is uninitialized in rcardrifgfmtsdrcap in drivers/media/platform/rcardrif.c, which could cause a memory...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993058)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993058 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Fix wild-memory-access in registersynthevent In registersynthevent, if...

Security update for net-tools

This update for net-tools fixes the following issues: Fixed stack buffer overflow in parsehex, procgenfmt, ax25 and netrom bsc1248687 Fixed stack overflow in ax25 and netrom bsc1248687 CVE-2025-46836: Fixed stack buffer overflow caused by the absence of bound checks bsc1243581 Patch Instructions:...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : net-tools (SUSE-SU-2025:03260-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03260-1 advisory. Security issues fixed: - CVE-2025-46836: missing bounds check in getname may lead to a stack buffer...

Security update for net-tools

This update for net-tools fixes the following issues: Security issues fixed: Avoid unsafe use of memcpy in ifconfig bsc1248687. Prevent overflow in ax25 and netrom bsc1248687. Fix stack buffer overflow in parsehex bsc1248687. Fix stack buffer overflow in procgenfmt bsc1248687. Other issues fixed:...