23030 matches found
CVE-2026-43906 OpenImageIO: HEIF Heap overflow
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metada...
RLSA-2026:17533 Important: gimp:2.8 security update
The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP:Memo...
pyzipper has an encryption bypass for small files encrypted using it
Impact A Python operator precedence bug in pyzipper/zipfileaes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...
GHSA-CRQM-M339-7M2P pyzipper has an encryption bypass for small files encrypted using it
Impact A Python operator precedence bug in pyzipper/zipfileaes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...
CVE-2026-42593
CVE-2026-42593 affects Gotenberg: multiple routes (merge, split, LibreOffice convert, chromium convert variants) improperly accept stampSource=pdf/stampExpression and watermarkSource=pdf/watermarkExpression from anonymous callers. If stampExpression or watermarkExpression points to a file path th...
Use of Externally-Controlled Format String
Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Format String in the timeofday function when processing crafted timezone zones. An attacker can access portions of server memory by supplying specially crafted input to the timeofday function. Remediation A...
ALPINE-CVE-2026-6474
Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...
CVE-2026-6474
Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...
UBUNTU-CVE-2026-6474
Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...
CVE-2026-6474
Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...
CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory
Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...
CVE-2026-6474
Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...
CVE-2026-6474
CVE-2026-6474 involves PostgreSQL's timeofday() function, where an externally-controlled format string can cause memory disclosure. The vulnerability arises from crafted timezone zones and affects PostgreSQL versions before 18.4, 17.10, 16.14, 15.18, and 14.23. The connected documents provide the...
RLSA-2026:16693 Important: jq security update
jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...
SUSE CVE-2003-0098
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server...
SUSE CVE-2023-7101
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...
OpenImageIO 缓冲区错误漏洞
OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a buffer error vulnerability. This vulnerability stemmed from a signe...
OpenImageIO 安全漏洞
OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and a large number of supported image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained security vulnerabilities. These vulnerabilities were caused by...
Medium: amazon-ecr-credential-helper
Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...
PostgreSQL -- Multiple vulnerabilities
The PostgreSQL project reports: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's...