CVE-2026-10725 Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb

Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...

DEBIAN-CVE-2011-3944

The smackerdecodeheadertree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data...