23 matches found

OSV
added 2026/05/29 8:43 a.m. | 3 views

OPENSUSE-SU-2026:20842-1 Security update for openjpeg2

This update for openjpeg2 fixes the following issue - CVE-2025-54874: openjpeg: missing error check can lead to the use of an uninitialized pointer and cause an out-of-bounds heap memory write (bsc#1247650)...

CVSS 9.8 | AI score 7.3 | EPSS 0.00325
Exploits: 1 | References: 2
Positive Technologies
added 2026/05/26 12:00 a.m. | 8 views

PT-2026-47112

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized...

CVSS 7.5 | AI score 5.5
Exploits: 0 | References: 4
Debian CVE
added 2026/03/30 9:43 p.m. | 1 view

CVE-2026-33986

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc call fails, the function returns FALSE but width/height are...

CVSS 7.5 | AI score 4.6 | EPSS 0.00055
Exploits: 0
OSV
added 2026/02/13 10:56 a.m. | 2 views

SUSE-SU-2026:0498-1 Security update for openssl1

This update for openssl1 fixes the following issues: - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in...

CVSS 7.5 | AI score 6.7 | EPSS 0.01131
Exploits: 1 | References: 9
NVD
added 2026/01/02 4:17 p.m. | 3 views

CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

CVSS 9.8 | EPSS 0.00164
Exploits: 2 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-23631

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.2 | EPSS 0.00325
Exploits: 1 | References: 3
OSV
added 2025/10/03 7:56 p.m. | 3 views

RLSA-2025:13944 Important: openjpeg2 security update

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fixes: openjpeg: OpenJPEG OOB heap memory write CVE-2025-54874 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer ...

CVSS 8 | AI score 7 | EPSS 0.00325
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/19 12:00 a.m. | 4 views

Oracle Linux 10 : openjpeg2 (ELSA-2025-13944)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-13944 advisory. 2.5.2-4.1 - fix OpenJPEG OOB heap memory write CVE-2025-54874 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 9.8 | AI score 5.5 | EPSS 0.00325
Exploits: 1 | References: 2
Cvelist
added 2025/08/05 2:33 p.m. | 8 views

CVE-2025-54874 OpenJPEG allows OOB heap memory write in opj_jp2_read_header

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized...

CVSS 7.5 | EPSS 0.00325
Exploits: 1 | References: 3
CVE
added 2025/08/05 2:33 p.m. | 87 views

CVE-2025-54874

OpenJPEG (JPEG 2000 codec) contains a vulnerability CVE-2025-54874: in OpenJPEG 2.5.1–2.5.3, a call to opj_jp2_read_header may cause an out-of-bounds heap write when the data stream is too short and p_image is not initialized. This is referenced across multiple security advisories and vendors (Ub...

CVSS 9.8 | AI score 6.1 | EPSS 0.00325
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2025/08/05 2:33 p.m. | 5 views

CVE-2025-54874 OpenJPEG allows OOB heap memory write in opj_jp2_read_header

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized...

CVSS 7.5 | AI score 6.5 | EPSS 0.00325
Exploits: 1 | References: 5
Vulnrichment
added 2022/09/23 11:10 a.m. | 4 views

CVE-2022-2566 Heap-memory write in FFMPEG

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in build_open_gop_key_points goes through all entries in the loop and adds sc->ctts_data[i].count to sc->sample_offsets_count. This can lead to an integer overflow resulting in a small allocation with av_calloc. An...

CVSS 9 | AI score 9.4 | EPSS 0.0153
Exploits: 0 | References: 1
Cvelist
added 2022/09/23 11:10 a.m. | 17 views

CVE-2022-2566 Heap-memory write in FFMPEG

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in build_open_gop_key_points goes through all entries in the loop and adds sc->ctts_data[i].count to sc->sample_offsets_count. This can lead to an integer overflow resulting in a small allocation with av_calloc. An...

CVSS 9 | AI score 9.6 | EPSS 0.0153
Exploits: 0 | References: 1
OSV
added 2022/03/26 11:03 a.m. | 1 view

OESA-2022-1596 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52...

CVSS 9.8 | AI score 7.3 | EPSS 0.60552
Exploits: 0 | References: 5
RedhatCVE
added 2019/10/10 5:23 a.m. | 96 views

CVE-2019-11500

A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVSS 9.8 | AI score 2.7 | EPSS 0.38348
Exploits: 1 | References: 3
ArchLinux
added 2017/12/07 12:00 a.m. | 22 views

[ASA-201712-4] vlc: arbitrary code execution

Arch Linux Security Advisory ASA-201712-4. Severity: Critical | Date: 2017-12-07 | CVE-ID: CVE-2017-10699 CVE-2017-9300 | Package: vlc | Type: arbitrary code execution | Remote: Yes | Link: https://security.archlinux.org/AVG-533. Summary: The package vlc...

CVSS 9.8 | AI score 3.3 | EPSS 0.00675
Exploits: 1 | References: 7
Mageia
added 2017/11/29 6:52 p.m. | 31 views

Updated vlc packages fix security vulnerability

avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service (application crash) or possibly code execution (CVE-2017-10699). The VLC packages have been updated to version 2.2.8, which...

CVSS 9.8 | AI score 3.9 | EPSS 0.00675
Exploits: 0 | References: 4
OSV
added 2017/06/30 1:29 p.m. | 1 view

UBUNTU-CVE-2017-10699

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service (application crash) or possibly code execution...

CVSS 9.8 | AI score 7.4 | EPSS 0.00675
Exploits: 0 | References: 3
Cvelist
added 2017/06/30 1:00 p.m. | 19 views

CVE-2017-10699

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service (application crash) or possibly code execution...

AI score 9.6 | EPSS 0.00675
Exploits: 0 | References: 3
Debian CVE
added 2017/06/30 1:00 p.m. | 25 views

CVE-2017-10699

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service (application crash) or possibly code execution...

CVSS 9.8 | AI score 9.8 | EPSS 0.00675
Exploits: 0