8 matches found
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 460017370 High CVE-2025-13223: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2025-11-12 450328966 High CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep on 2025-10-09...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 452296415 High CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep on 2025-10-15...
CVE-2025-59728
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below 0, it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is...
CVE-2025-59733
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type and size, and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decodeheader. The...
CVE-2025-59734
It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...
CVE-2025-59730
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ReadOneJNGImage function. An attacker can access data on the heap or cause memory corruption by tricking a user into processing a specially crafted image file. Remediation A fix was pushed into the...
PT-2025-40347
Name of the Vulnerable Software and Affected Versions Chromium affected versions not specified Description An off-by-one error exists in V8. This issue was identified by Google and addressed in Chromium. Microsoft Edge, being Chromium-based, also ingests fixes for this issue. Recommendations At t...