MGASA-2026-0002 Updated wget2 packages fix security vulnerability

Arbitrary File Write via Metalink Path Traversal in GNU Wget2. CVE-2025-69194...

OESA-2026-1015 unrtf security update

UnRTF is a command-line program written in C which converts documents in Rich Text Format .rtf to HTML, LaTeX, troff macros, and RTF itself. Converting to HTML, it supports a number of features of Rich Text Format: Changes in the text's font, size, weight bold, and slant italic Underlines and...

OESA-2026-1013 unrtf security update

UnRTF is a command-line program written in C which converts documents in Rich Text Format .rtf to HTML, LaTeX, troff macros, and RTF itself. Converting to HTML, it supports a number of features of Rich Text Format: Changes in the text's font, size, weight bold, and slant italic Underlines and...

CVE-2023-25222

A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bitreadRC function at bits.c...

CVE-2018-14471

dwgobjblockcontrolgetblockheaders in dwgapi.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service NULL pointer dereference and SEGV via a crafted dwg file...

CVE-2019-18862

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode...

CVE-2019-18192

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...

CVE-2019-20014

An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwgfree in free.c...

CVE-2019-20915

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bitwriteTF in bits.c...

CVE-2019-20911

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bitcalcCRC in bits.c, related to a for loop...

CVE-2019-20012

An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwgdecodeHATCHprivate in dwg.spec...

CVE-2019-20912

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bitreadTF...

CVE-2019-20013

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode3dsolid in dwg.spec...

CVE-2019-20914

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwgencodecommonentityhandledata in commonentityhandledata.spec...

AZL-73904 CVE-2025-69195 affecting package wget for versions less than 2.1.0-7

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

CVE-2025-69195

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

CVE-2025-69195

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

CVE-2025-69195 Wget2: gnu wget2: memory corruption and crash via filename sanitization logic with attacker-controlled urls

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...