CVE-2026-45613

CVE-2026-45613 affects Rizin; a heap-buffer-overflow is reported in the OMF parser (librz/bin/format/omf/omf.c). The vulnerability is mitigated by the commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47. CVSSv3.1 vector from the entry: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N with base score 3.3 (LOW). Th...

CVE-2026-38719

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format CPF parser, specifically in CreateCommonPacketFormatStructure in source/src/enetencap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled itemcount value that is not consistently...

CVE-2026-38719

OpENer 2.3-558-g1e99582 contains an out-of-bounds read in the CPF parser (CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c). A crafted ENIP/CPF message can supply an attacker-controlled item_count that is not consistently validated against the remaining data_length of the CPF sl...

CVE-2026-35176

CVE-2026-35176 concerns openFPGALoader (1.1.1 and earlier) with a heap-buffer-overflow in POFParser::parseSection() while parsing crafted .pof files. The issue allows out-of-bounds heap memory access and does not require FPGA hardware to trigger. Impact per data shows high severity in confidentia...

SUSE-SU-2026:20907-1 Security update for protobuf

This update for protobuf fixes the following issues: Security fixes: - CVE-2025-4565: Fixed parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that could lead to crash due to RecursionError bsc1244663. - CVE-2026-0994: Fixed google.protobuf.A...

music-metadata 安全漏洞

music-metadata is an audio file metadata extraction library developed by Borewit’s individual developers. Versions of music-metadata prior to 11.12.3 contained a security vulnerability. This vulnerability stemmed from the ASF parser improperly handling objects with an objectSize of 0, which could...

CLSA-2026-1771857969 Fix CVE(s): CVE-2025-14087, CVE-2025-14512

SECURITY UPDATE: Buffer underflow in GVariant parser leads to heap corruption - debian/patches/CVE-2025-1408714512.patch: Fix integer overflows in GVariant text format parser when processing input longer than INTMAX - CVE-2025-14087 SECURITY UPDATE: Integer overflow in escapebytestring leads to...

CLSA-2026-1771857296 Fix CVE(s): CVE-2025-14087

SECURITY UPDATE: Buffer underflow in GVariant parser leads to heap corruption - debian/patches/CVE-2025-14087.patch: Fix integer overflows in GVariant text format parser when processing input longer than INTMAX, and fix integer overflow in escapebytestring for byte strings with many invalid...

CLEANSTART-2026-LA13761 vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device

Multiple security vulnerabilities affect the clamav package. A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. See references for individual vulnerability details...

MiracleLinux 8 : python-pillow-5.1.1-16.el8 (AXSA:2021-2760:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2760:01 advisory. python-pillow: Out-of-bounds read in J2K image reader CVE-2021-25287 python-pillow: Out-of-bounds read in J2K image reader CVE-2021-25288...

EUVD-2023-39180

Malicious code in bioql PyPI...

gimp: Multiple use after free in XCF parser

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues...

CVE-2023-35177

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser...

grub2: reader/jpeg: Heap OOB Write during JPEG parsing

A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded...

Tracker Software PDF-XChange Editor 缓冲区错误漏洞

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing documents in PDF format from Tracker Software, a Canadian company. Tracker Software PDF-XChange Editor suffers from a buffer error vulnerability that stems from the JB2 file parsing module containing an out-of-boun...

CVE-2024-36474

An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-boun...

DEBIAN-CVE-2023-29451

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy...

CVE-2023-35177

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser...

CVE-2023-35177

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser...

MGASA-2023-0151 Updated openimageio packages fix security vulnerability

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensiti...