17 matches found
CVE-2026-52860
Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007248)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007248 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 binder: avoid potential dat...
GHSA-J47W-4G3G-C36V file-type: ZIP Decompression Bomb DoS via [Content_Types].xml entry
Summary A crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. In affected versions, the ZIP inflate output limit is enforced for stream-based detection, but not for known-size inputs. As a...
CVE-2023-53320 scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() The function mpi3mr_get_all_tgt_info() has four issues: 1) It calculates valid entry length in alltgt_info assuming the header part of the struct mpi3mr_device_map_info would equal to sizeofu3...
Heap-based Buffer Overflow
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Heap-based Buffer Overflow. The nativeImage.createFromPath or nativeImage.createFromBuffer APIs in Electron...
CVE-2024-46993 Electron Vulnerable to Heap Buffer Overflow in NativeImage::CreateFromPath
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath and nativeImage.createFromBuffer functions call a function downstream that is vulnerable to a heap...
GHSA-6R2X-8PQ8-9489 Electron vulnerable to Heap Buffer Overflow in NativeImage
Impact The nativeImage.createFromPath and nativeImage.createFromBuffer functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's...
The vulnerability of the hb_cairo_glyphs_from_buffer() function in the Harfbuzz text transformation library allows a hacker to execute arbitrary code.
The vulnerability of the hb_cairo_glyphs_from_buffer() function in the Harfbuzz text transformation library is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Medium: harfbuzz
Issue Overview: HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. CVE-2024-56732 Affected Packages: harfbuzz Issue Correction: Run dnf update harfbuzz --releasever 2023.6.20250218 or dnf update...
HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer
...
SUSE CVE-2024-56732
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function...
DEBIAN-CVE-2024-26926
In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 "binder: avoid potential data leakage when copying txn" introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the removal of an offset alignment check done by calling binder_alloc_copy_from_buffer() -> check_buffer()...
The vulnerability of the `formatIPTCfromBuffer` function in the `coders/meta.c` component of the ImageMagick console graphics editor allows an attacker to access confidential data and cause a service failure.
The vulnerability of the formatIPTCfromBuffer function in the coders/meta.c file of the ImageMagick console graphics editor involves an operation that outputs values within acceptable buffer limits. Exploiting this vulnerability allows an attacker to access confidential data and also trigger a...
OSV-2021-640 Heap-buffer-overflow in frame_get_metalayers
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33251 Crash type: Heap-buffer-overflow READ 6 Crash state: frame_get_metalayers frame_to_schunk blosc2_schunk_from_buffer...
UBUNTU-CVE-2019-10131
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program...
JasPer Memory Leak Vulnerability
JasPer is an open source implementation of the JPEG-2000 codec developed by Canadian software developer Michael Adams. A memory leak vulnerability exists in the 'jas_iccprof_createfrombuf' function in JasPer, which can be exploited by remote attackers to cause a denial of service (memory consumption)...