Lucene search
K

17 matches found

AlpineLinux
AlpineLinux
added 2026/06/11 6:33 p.m.7 views

CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

8CVSS5.7AI score0.00224EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.13 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007248)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007248 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in bindergetobject Commit 6d98eb95b450 binder: avoid potential dat...

5.5CVSS6.1AI score0.00423EPSS
Exploits0References4
OSV
OSV
added 2026/03/13 8:56 p.m.2 views

GHSA-J47W-4G3G-C36V file-type: ZIP Decompression Bomb DoS via [Content_Types].xml entry

Summary A crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. In affected versions, the ZIP inflate output limit is enforced for stream-based detection, but not for known-size inputs. As a...

5.3CVSS5.9AI score0.00299EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/09/16 4:11 p.m.2 views

CVE-2023-53320 scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mrgetalltgtinfo The function mpi3mrgetalltgtinfo has four issues: 1 It calculates valid entry length in alltgtinfo assuming the header part of the struct mpi3mrdevicemapinfo would equal to sizeofu3...

6.1AI score0.00141EPSS
Exploits0References3
Snyk
Snyk
added 2025/07/01 3:41 a.m.4 views

Heap-based Buffer Overflow

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Heap-based Buffer Overflow. The nativeImage.createFromPath or nativeImage.createFromBuffer APIs in Electron...

7.3CVSS7.9AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2025/07/01 1:55 a.m.4 views

CVE-2024-46993 Electron Vulnerable to Heap Buffer Overflow in NativeImage::CreateFromPath

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath and nativeImage.createFromBuffer functions call a function downstream that is vulnerable to a heap...

7.3CVSS7.4AI score0.00126EPSS
Exploits0References3
OSV
OSV
added 2025/06/30 6:41 p.m.2 views

GHSA-6R2X-8PQ8-9489 Electron vulnerable to Heap Buffer Overflow in NativeImage

Impact The nativeImage.createFromPath and nativeImage.createFromBuffer functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's...

7.3CVSS6.2AI score0.00126EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/03/27 12:0 a.m.10 views

The vulnerability of the hb_cairo_glyphs_from_buffer() function in the Harfbuzz text transformation library allows a hacker to execute arbitrary code.

The vulnerability of the hbcairoglyphsfrombuffer function in the Harfbuzz text transformation library is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS6.3AI score0.00643EPSS
Exploits1References5Affected Software2
Amazon
Amazon
added 2025/02/21 12:0 a.m.7 views

Medium: harfbuzz

Issue Overview: HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function. CVE-2024-56732 Affected Packages: harfbuzz Issue Correction: Run dnf update harfbuzz --releasever 2023.6.20250218 or dnf update...

9.3CVSS7.3AI score0.00643EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2025/01/17 8:0 a.m.3 views

HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer

...

9.3CVSS5.3AI score0.00643EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2025/01/01 12:20 a.m.4 views

SUSE CVE-2024-56732

HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function...

8.8CVSS7.5AI score0.00643EPSS
Exploits1References3
OSV
OSV
added 2024/04/25 6:15 a.m.4 views

DEBIAN-CVE-2024-26926

In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in bindergetobject Commit 6d98eb95b450 "binder: avoid potential data leakage when copying txn" introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset...

5.5CVSS5.3AI score0.00423EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the removal of an offset alignment check done by calling binderalloccopyfrombuffer - checkbuffer...

5.5CVSS7.1AI score0.00423EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/07/07 12:0 a.m.6 views

The vulnerability of the `formatIPTCfromBuffer` function in the `coders/meta.c` component of the ImageMagick console graphics editor allows an attacker to access confidential data and cause a service failure.

The vulnerability of the formatIPTCfromBuffer function in the coders/meta.c file of the ImageMagick console graphics editor involves an operation that outputs values within acceptable buffer limits. Exploiting this vulnerability allows an attacker to access confidential data and also trigger a...

7.1CVSS7.1AI score0.01254EPSS
Exploits0References11Affected Software3
OSV
OSV
added 2021/04/16 12:0 a.m.10 views

OSV-2021-640 Heap-buffer-overflow in frame_get_metalayers

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33251 Crash type: Heap-buffer-overflow READ 6 Crash state: framegetmetalayers frametoschunk blosc2schunkfrombuffer...

7.2AI score
Exploits0References1
OSV
OSV
added 2019/04/30 12:0 a.m.5 views

UBUNTU-CVE-2019-10131

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program...

7.1CVSS6.9AI score0.01254EPSS
Exploits0References4
CNVD
CNVD
added 2016/03/09 12:0 a.m.4 views

JasPer Memory Leak Vulnerability

JasPer is a Canadian software developer Michael Adams developed an open source implementation of the JPEG-2000 codec. A memory leak vulnerability exists in the 'jasiccprofcreatefrombuf' function in JasPer, which can be exploited by remote attackers to cause a denial of service memory consumption...

5.7CVSS7.5AI score0.02975EPSS
Exploits0References1
Rows per page
Query Builder