402 matches found
EUVD-2026-20897
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...
CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...
ruby: Arbitrary memory address read vulnerability with Regex search
A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...
Orthanc 安全漏洞
Orthanc is a free open-source software developed by the Orthanc company. Orthanc has a security vulnerability, which stems from an out-of-bounds read in the DecodePsmctRle1 function. This vulnerability may allow the decoder to read data beyond the allocated memory area, potentially exposing heap...
Linux Distros Unpatched Vulnerability : CVE-2026-5445
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability exists in the DecodeLookupTable function within DicomImageDecoder.cpp. The lookup-table decoding logic used for PALETTE COLO...
CVE-2026-35444
SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...
CVE-2026-5673
A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI Audio Video Interleave parser, specifically in the aviparseinputfile function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a...
CVE-2023-7340
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the...
EUVD-2023-60542
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the...
CVE-2023-7340
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005379)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005379 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containin...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the PSD format handler when processing a specially crafted file containing ZIP-compressed layer data that decompresses to less than the expected size. An attacker can obtain sensitive information from uninitialize...
MiracleLinux 7 : php-5.4.16-48.0.5.el7.AXS7 (AXSA:2025-9709:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9709:01 advisory. CVE-2024-8929: fix various heap buffer over-reads CVEs: CVE-2024-8929 In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile...
CVE-2021-0484
In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...
CVE-2021-0435
In avrcprocvendorcommand of avrcapi.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8....
CVE-2025-20760
In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-20760
In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-20760
CVE-2025-20760 concerns a vulnerability in Modem where an uncaught exception allows reading uninitialized heap data, enabling remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction, and no privileges beyond network access are needed (attack ...
MediaTek chipsets 安全漏洞
MediaTek Chipsets is a line of chipsets from China's MediaTek Corporation MediaTek. A security vulnerability exists in MediaTek chipsets that stems from an uncaught exception leading to the reading of uninitialized heap data, which could lead to a remote denial of service...
PT-2026-1365
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description A flaw exists in Modem that may lead to a remote denial of service. This issue stems from a read of uninitialized heap data caused by an uncaught exception. An attacker can exploit this by havi...