16954 matches found

CNVD
added 2025/06/27 12:00 a.m. · 3 views

GNU ncurses buffer overflow vulnerability

GNU ncurses is an American GNU community programming library for creating user interfaces on text-based terminals. GNU ncurses suffers from a buffer overflow vulnerability that originates from a boundary error in the function postprocess_termcap when processing untrusted input. An attacker could...

4.8 CVSS · 7.4 AI score · 0.00162 EPSS
Exploits 0 · References 1

RedHat Linux
added 2025/06/24 9:45 a.m. · 8 views

gimp: Multiple heap buffer overflows in TGA parser

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...

7.3 CVSS · 6.1 AI score · 0.00193 EPSS
Exploits 0 · References 5

AlmaLinux
added 2025/06/24 12:00 a.m. · 7 views

Moderate: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

7.8 CVSS · 4.1 AI score · 0.00329 EPSS
Exploits 1 · References 4

OSV
added 2025/06/24 12:00 a.m. · 3 views

ALSA-2025:9448 Moderate: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: arbitrary code execution via Lisp macro expansion CVE-2024-53920 For more details about th...

7.8 CVSS · 7.7 AI score · 0.00514 EPSS
Exploits 0 · References 4

OSV
added 2025/06/24 12:00 a.m. · 4 views

ALSA-2025:9420 Moderate: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

7.8 CVSS · 3.9 AI score · 0.00329 EPSS
Exploits 1 · References 4

OSV
added 2025/06/24 12:00 a.m. · 4 views

ALSA-2025:9431 Moderate: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

7.8 CVSS · 3.9 AI score · 0.00329 EPSS
Exploits 1 · References 4

OSV
added 2025/06/23 4:44 p.m. · 2 views

CLSA-2025-1750697072 glibc: Fix of CVE-2025-4802

CVE-2025-4802: fix issue of untrusted LD_LIBRARY_PATH environment variable vulnerability by restricting loading of dynamically shared libraries in statically compiled setuid binaries...

7.8 CVSS · 6.9 AI score · 0.00392 EPSS
Exploits 1 · References 1

RedHat Linux
added 2025/06/23 3:45 a.m. · 1 views

glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load...

7.8 CVSS · 7.3 AI score · 0.00392 EPSS
Exploits 1 · References 8

Positive Technologies
added 2025/06/19 12:00 a.m. · 2 views

PT-2025-28195 · Gnu +1 · Gpac +1

A vulnerability in the function gf_dash_group_get_audio_channels (media_tools/dash_client.c) of the MP4Box utility in the GPAC multimedia platform is related to pointer dereferencing when processing DASH manifests. Exploitation of the vulnerability could allow an attacker to execute arbitrary code or cause a denial of servi...

4.6 CVSS · 7.3 AI score
Exploits 0 · References 3

RedhatCVE
added 2025/06/17 5:08 a.m. · 4 views

CVE-2025-6141

A flaw was found in gnu-ncurses. The postprocess_termcap function in tinfo/parse_entry.c is susceptible to a stack-based buffer overflow due to improper bounds checking during termcap entry processing. This flaw allows a local attacker to trigger the overflow via a crafted termcap file, leading to ...

4.8 CVSS · 4 AI score · 0.00162 EPSS
Exploits 0 · References 11

NVD
added 2025/06/16 10:16 p.m. · 9 views

CVE-2025-6141

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to...

4.8 CVSS · 0.00162 EPSS
Exploits 0 · References 10

OSV
added 2025/06/16 10:16 p.m. · 5 views

CVE-2025-6141

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to...

3.3 CVSS · 7.2 AI score
Exploits 0 · References 8

Cvelist
added 2025/06/16 10:00 p.m. · 10 views

CVE-2025-6141 GNU ncurses parse_entry.c postprocess_termcap stack-based overflow

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to...

4.8 CVSS · 0.00162 EPSS
Exploits 0 · References 8

Vulnrichment
added 2025/06/16 10:00 p.m. · 2 views

CVE-2025-6141 GNU ncurses parse_entry.c postprocess_termcap stack-based overflow

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to...

4.8 CVSS · 7.2 AI score · 0.00162 EPSS
Exploits 0 · References 8

CVE
added 2025/06/16 10:00 p.m. · 37 views

CVE-2025-6141

CVE-2025-6141 affects GNU ncurses up to 6.5-20250322, with a stack-based buffer overflow in the function postprocess_termcap of tinfo/parse_entry.c. Exploitation is local (no remote vector described). Affected distributions in the connected advisories indicate EulerOS releases and OpenVAS/Nessus...

4.8 CVSS · 4 AI score · 0.00162 EPSS
Exploits 0 · References 10

Debian CVE
added 2025/06/16 10:00 p.m. · 5 views

CVE-2025-6141

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to...

4.8 CVSS · 4 AI score · 0.00162 EPSS
Exploits 0

AstraLinux
added 2025/06/16 11:28 a.m. · 7 views

Astra Linux – Vulnerability in binutils

A vulnerability, classified as critical, was discovered in GNU Binutils 2.43. The affected function is bfd_elf_reloc_symbol_deleted_p in the file bfd/elflink.c of the ld component. This manipulation leads to memory corruption. The attack can be launched remotely. The complexity of the attack is...

5.1 CVSS · 5.3 AI score · 0.00542 EPSS
Exploits 1 · References 3

AstraLinux
added 2025/06/16 11:28 a.m. · 6 views

Astra Linux – Vulnerability in binutils

A vulnerability was discovered in GNU Binutils 2.43 and is classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec in the file elflink.c of the component ld. The vulnerability leads to a heap-based buffer overflow. The attack can be initiated remotely. The complexity of the attac...

5.1 CVSS · 5.7 AI score · 0.00619 EPSS
Exploits 1 · References 3

AstraLinux
added 2025/06/16 11:28 a.m. · 7 views

Astra Linux – Vulnerability in binutils

A vulnerability, classified as problematic, was discovered in GNU Binutils up to version 2.43. This vulnerability affects the disassemble_bytes function in the file binutils/objdump.c. Manipulation of the buf argument leads to a stack-based buffer overflow. The attack can be initiated remotely. Th...

7.5 CVSS · 5.6 AI score · 0.00689 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2025/06/16 12:00 a.m. · 6 views

TencentOS Server 3: cpio (TSSA-2022:0199)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0199 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.8 CVSS · 7.5 AI score · 0.0415 EPSS
Exploits 1 · References 2