
16274 matches found

CNNVD
added 2026/04/20 12:0 a.m. | 6 views

GNU C Library Security Vulnerability

The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions of the GNU C Library 2.43 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a buffer overflow in the nis_local_principal function,...

AI score 6.1 | EPSS 0.0004
Exploits 0 | References 1

Positive Technologies
added 2026/04/20 12:0 a.m. | 1 views

PT-2026-33851

Name of the Vulnerable Software and Affected Versions: glibc versions 2.7 through 2.43. Description: Calling the scanf family of functions using a %mc malloc'd character match with a format width specifier that has an explicit width greater than 1024 can lead to a one byte heap buffer overflow...

CVSS 9.8 | AI score 5.4 | EPSS 0.00073
Exploits 1 | References 18

CNNVD
added 2026/04/20 12:0 a.m. | 8 views

GNU Sed Security Vulnerability

GNU Sed is a command-line tool in the GNU community in the United States, used for text stream editing and batch processing. GNU Sed has a security vulnerability that arises from a race condition when both the -i and --follow-symlinks options are used simultaneously, which may allow attackers to...

CVSS 2.1 | AI score 5.8 | EPSS 0.00006
Exploits 0 | References 1

Positive Technologies
added 2026/04/20 12:0 a.m. | 6 views

PT-2026-33852

Name of the Vulnerable Software and Affected Versions: GNU C Library versions prior to 2.44. Description: Calling the ungetwc function on a FILE stream with wide characters encoded in a character set with overlaps between single byte and multi-byte character encodings can lead to an attempt to read...

CVSS 7.5 | AI score 5.3 | EPSS 0.00068
Exploits 1 | References 15

Positive Technologies
added 2026/04/20 12:0 a.m. | 1 views

PT-2026-33850

Name of the Vulnerable Software and Affected Versions: glibc versions prior to 2.44. Description: The obsolete nis_local_principal function may overflow a buffer in the data section. This allows an attacker to spoof a crafted response to a UDP request generated by this function and overwrite...

CVSS 9.1 | AI score 5.5 | EPSS 0.0004
Exploits 0 | References 6

CNNVD
added 2026/04/20 12:0 a.m. | 6 views

GNU C Library Security Vulnerability

The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions of the GNU C Library 2.43 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of the ungetwc function on character sets with...

CVSS 7.5 | AI score 5.8 | EPSS 0.00068
Exploits 1 | References 1

SUSE CVE
added 2026/04/17 12:32 p.m. | 5 views

SUSE CVE-2003-0354

Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job...

CVSS 7.5 | AI score 6.1 | EPSS 0.00825
Exploits 0 | References 3

Tenable Nessus
added 2026/04/17 12:0 a.m. | 7 views

Photon OS 5.0: Glibc PHSA-2026-5.0-0824

An update of the glibc package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0824. The text itself is copyright (C) VMware, Inc...

CVSS 7.5 | AI score 5.7 | EPSS 0.0008
Exploits 1 | References 2

SUSE CVE
added 2026/04/16 11:27 p.m. | 1 views

SUSE CVE-2026-40918

A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted P...

CVSS 5.5 | AI score 6.1 | EPSS 0.00017
Exploits 0 | References 3

SUSE Linux
added 2026/04/16 3:5 p.m. | 3 views

Security update for rust1.93

This update for rust1.93 fixes the following issues: Security issue: CVE-2026-31812: denial of service via crafted QUIC initial packet bsc1259623. Non security issue: Resolve missing gcc requirement that may affect some crate buildin bsc1253321. Patch Instructions: To install this SUSE update use...

CVSS 6.9 | AI score 5.8 | EPSS 0.00238
Exploits 0 | References 6

EUVD
added 2026/04/15 9:30 p.m. | 3 views

EUVD-2026-23096

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsImage function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution...

CVSS 7.3 | AI score 6.2 | EPSS 0.00005
Exploits 0 | References 3

EUVD
added 2026/04/15 9:30 p.m. | 0 views

EUVD-2026-23028

A flaw was found in GIMP. This vulnerability, a buffer overflow in the file-seattle-filmworks plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potential...

CVSS 6.1 | AI score 6 | EPSS 0.00018
Exploits 0 | References 3

OSV
added 2026/04/15 8:29 p.m. | 3 views

JLSEC-2026-118

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007...

CVSS 6.1 | AI score 5.8 | EPSS 0.00154
Exploits 0 | References 4

OSV
added 2026/04/15 8:29 p.m. | 4 views

JLSEC-2026-120

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...

CVSS 9.1 | AI score 6.7 | EPSS 0.00197
Exploits 0 | References 6

OSV
added 2026/04/15 2:42 p.m. | 1 views

SUSE-SU-2026:1369-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response bsc1260078. - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions bsc1260082...

CVSS 7.5 | AI score 5.8 | EPSS 0.00089
Exploits 2 | References 5

Positive Technologies
added 2026/04/15 12:0 a.m. | 1 views

PT-2026-33128

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icns slurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that proces...

CVSS 5 | AI score 5.9 | EPSS 0.00012
Exploits 0 | References 4

OSV
added 2026/04/14 2:17 p.m. | 4 views

CLSA-2026-1776176227 glibc: Fix of 2 CVEs

CVE-2026-4437: fix incorrect record counting in getanswerptr that allowed iteration past the answer section boundary in DNS responses - CVE-2026-4438: fix hostname validation checking expectedname instead of namebuffer in getanswerptr, which could return invalid hostnames...

CVSS 7.5 | AI score 5.8 | EPSS 0.00089
Exploits 2 | References 1

Tenable Nessus
added 2026/04/14 12:0 a.m. | 4 views

Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-013 (ALASGIMP-2026-013)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2026-013 advisory. A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP's PCX file loader due to an off-by-one error. A remote...

CVSS 7.1 | AI score 5.9 | EPSS 0.0005
Exploits 1 | References 4

Microsoft CVE
added 2026/04/11 8:6 a.m. | 5 views

Unbounded allocation for old GNU sparse in archive/tar

...

CVSS 5.5 | AI score 5.7 | EPSS 0.00004
Exploits 0

UbuntuCve
added 2026/04/11 1:16 a.m. | 1 views

CVE-2026-4151

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVSS 7.8 | AI score 7.6 | EPSS 0.0004
Exploits 0 | References 4