639 matches found
CVE-2026-7840
CVE-2026-7840 (UltraVNC repeater) : A global buffer overflow in the embedded HTTP administration server affects UltraVNC repeater versions up to 1.8.2.2. The functions wi_senderr() and wi_replyhdr() copy the caller-supplied HTTP request URI into a fixed 1000-byte buffer (hdrbuf) using unchecked s...
CVE-2026-41992
GNU gzip is affected by a global buffer overflow in the LZH decompression logic caused by reusing a shared global state across LZ77/LZW/LZH within a single run. The vulnerability arises from a global array not reinitialized between files, enabling an attacker to deplete or poison the shared state...
CVE-2026-41992 Global Buffer Overflow in GNU gzip
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...
CVE-2026-41992
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...
CVE-2026-41992
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a global-buffer-overflow issue was observed during FreeRDP’s Base64 decoding process. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char values are treated...
OSV-2026-863 Global-buffer-overflow in cram_decoder_init
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519841736 Crash type: Global-buffer-overflow READ 8 Crash state: cramdecoderinit cramdecodecompressionheader cramnextslice...
PT-2026-49602
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519841736 Crash type: Global-buffer-overflow READ 8 Crash state: cram decoder init cram decode compression header cram next slice...
php: global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
A flaw was found in PHP. When an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, an out-of-bounds read of only 1 byte can occur due to the incorrect processing of string lengths. This issue can cause a denial of service or limited...
Astra Linux – Vulnerability in SOX
A flaw was discovered in sox 14.4.1. The lsxadpcminit function within libsox causes a global-buffer-overflow. This flaw allows an attacker to introduce a malicious file, resulting in the disclosure of sensitive information...
Astra Linux – Vulnerability in aom
It was discovered that AOM v2.0.1 contains a global buffer overflow issue through the component av1/encoder/partitionsearch.h...
Astra Linux – Vulnerability in fig2dev
Fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: orangefs: The issue with memory leaks in orangefskernel,clientdebuginit was fixed. When the orangefs module is inserted or removed, memory leaks occur as follows: unreferenced object 0xffff88816b0cc000 size 2048: comm "insmod", p...
Astra Linux – Vulnerability in libxml2
The GNOME project’s libxml2 v2.9.10 has a global buffer over-read vulnerability in the xmlEncodeEntitiesInternal function within libxml2/entities.c. This issue has been fixed in the commit numbered 50f06b3e...
OSV-2026-727 Global-buffer-overflow in md_start_new_block
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512429152 Crash type: Global-buffer-overflow READ 4 Crash state: mdstartnewblock mdparse mdhtml...
BIT-PHP-MIN-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
CVE-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
JLSEC-2026-408
A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...
JLSEC-2026-204
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbgtypevalue at /output/outdbg.c...
Security update for freerdp
This update for freerdp fixes the following issues: CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. CVE-2026-25952: Heap-use-after-free in xfSetWindowMinMaxInfo...