OSV-2026-608 Stack-buffer-overflow in is_http

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504809218 Crash type: Stack-buffer-overflow READ Crash state: ishttp stungetmessagelenstr FuzzStunClient.c...

OSV-2026-605 Heap-buffer-overflow in DwaCompressor_uncompress

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504280155 Crash type: Heap-buffer-overflow WRITE Crash state: DwaCompressoruncompress internalexrundodwaa exruncompresschunk...

OSV-2026-603 UNKNOWN READ in <wasmtime::runtime::func::Func>::call_unchecked_raw::<

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504268343 Crash type: UNKNOWN READ Crash state: ::calluncheckedraw::::callimpldocall:: wasmtimeinternalfiber::stackswitch::x8664::wasmtimefiberstart...

OSV-2026-600 Heap-buffer-overflow in skcms_private::baseline::clut

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504261818 Crash type: Heap-buffer-overflow READ 8 Crash state: skcmsprivate::baseline::clut skcmsprivate::baseline::execstages skcmsprivate::baseline::runprogram...

OSV-2026-582 Use-of-uninitialized-value in H5S_select_hyperslab

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=502905691 Crash type: Use-of-uninitialized-value Crash state: H5Sselecthyperslab H5Dchunkioinit H5Dread...

OSV-2026-565 Heap-buffer-overflow in xmlFAParsePosCharGroup

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=501547873 Crash type: Heap-buffer-overflow READ 1 Crash state: xmlFAParsePosCharGroup xmlFAParseCharGroup xmlFAParseCharGroup...

OSV-2026-563 UNKNOWN READ in bfd_getl32

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=501547869 Crash type: UNKNOWN READ Crash state: bfdgetl32 m32relflo16reloc bfdperformrelocation...

OSV-2026-548 UNKNOWN in ojph::local::precinct::parse

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=500177411 Crash type: UNKNOWN Crash state: ojph::local::precinct::parse ojph::local::resolution::parseoneprecinct ojph::local::tile::parsetileheader...

OSV-2026-535 Security exception in org.htmlunit.cyberneko.HTMLTagBalancer.endElement

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=499447433 Crash type: Security exception Crash state: org.htmlunit.cyberneko.HTMLTagBalancer.endElement java.base/sun.nio.cs.CESU8.updatePositions java.base/sun.nio.cs.CESU8$Encoder.encodeArrayLoop...

OSV-2026-532 Heap-buffer-overflow in regsub

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=499446092 Crash type: Heap-buffer-overflow READ 1 Crash state: regsub formatreplace formatexpand1...

OSV-2026-514 Heap-buffer-overflow in format_expand1

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=498472071 Crash type: Heap-buffer-overflow READ 1 Crash state: formatexpand1 formatexpand format-fuzzer.c...

OSV-2026-512 Heap-buffer-overflow in g_utf8_get_char

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=498475244 Crash type: Heap-buffer-overflow READ 1 Crash state: gutf8getchar gmarkupescapetext fuzzmarkupescapetext.c...

OSV-2026-504 Heap-use-after-free in ObjectStream::getObject

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=498251261 Crash type: Heap-use-after-free READ 4 Crash state: ObjectStream::getObject XRef::fetch XRef::fetch...

UBUNTU-CVE-2025-66037

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

CVE-2025-66037 OpenSC: Out of Bounds vulnerability

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

OSV-2026-461 UNKNOWN READ in XRef::constructObjectEntry

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=495914144 Crash type: UNKNOWN READ Crash state: XRef::constructObjectEntry XRef::constructXRef XRef::XRef...

UBUNTU-CVE-2026-23265

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in read,writeendio ----------- cut here ------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: blkupdaterequest+0x5eb/0xe70 block/blk-mq.c:987 blkmqendrequest+0x3e/0x70...

OSV-2026-417 Segv on unknown address in arrow::Array::IsNull

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=493063924 Crash type: Segv on unknown address Crash state: arrow::Array::IsNull arrow::Status arrow::VisitArrayInline arrow::ArrayPrinter::Print...

OSV-2026-392 UNKNOWN READ in pcpp::BgpLayer::getHeaderLen

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=491687588 Crash type: UNKNOWN READ Crash state: pcpp::BgpLayer::getHeaderLen pcpp::Packet::shortenLayer pcpp::Layer::shortenLayer...

OSV-2026-384 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=491529466 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.nio.CharBuffer.wrap java.base/sun.nio.cs.StreamEncoder.implWrite...