EUVD-2026-33436

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdpbitmapdecompressplanar validates the X destination coordinate nXDst against the...

CVE-2026-48131 - VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero

Symptoms - The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality. - The...

CVE-2026-8507 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

EUVD-2026-30412

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

SUSE-SU-2026:21640-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues Security issues: - CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect bsc1258251. - CVE-2026-4890: DoS vulnerability in the DNSSEC validation bsc1265001. - CVE-2026-4891: heap-based out-of-bounds re...

CVE-2026-4892

A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet...

CVE-2026-4775

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

CVE-2026-30937

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD X Windows encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002419)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002419 advisory. The Human Interface Device HID subsystem in the Linux kernel through 3.11, when CONFIGLOGITECHFF, CONFIGLOGIG940FF, or CONFIGLOGIWHEELSFF is enabled, allows physical...

EUVD-2017-4022

Malware in sbrugna...

EUVD-2021-7728

Malicious code in bioql PyPI...

CVE-2023-30646

Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code...

grub2: fs/ufs: OOB write in the heap

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...

AZL-57614 CVE-2024-45780 affecting package grub2 for versions less than 2.06-15

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap...

CVE-2023-3090 Out-of-bounds write in Linux kernel's ipvlan network driver

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb-cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIGIPVLAN is enabled. We...

SUSE CVE-2022-3775

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption an...

SUSE-SU-2021:1815-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write bsc1186126...

Heap Overrun Write Vulnerability in ABC Lookalike (CNVD-2020-62788)

ABC Viewer is a permanent free image viewing software, intelligently turns on hardware acceleration and supports a variety of image formats. A heap out-of-bounds write vulnerability exists in ABC Viewer. An attacker can exploit the vulnerability to cause the software to crash...

Heap Overwrite Vulnerability in Light and Shadow Magic Hand of Shenzhen Xunlei.com Culture Limited (CNVD-2020-58811)

LightShadow Magic Hand is a software for improving and enhancing image quality and effect processing. Shenzhen Xunlei.com Culture Co., Ltd LightShadow Magic Hand has a heap of out-of-bounds writing vulnerabilities, an attacker can construct a special picture to cause the software to crash, and ca...

UBUNTU-CVE-2013-2893

The Human Interface Device HID subsystem in the Linux kernel through 3.11, when CONFIGLOGITECHFF, CONFIGLOGIG940FF, or CONFIGLOGIWHEELSFF is enabled, allows physically proximate attackers to cause a denial of service heap-based out-of-bounds write via a crafted device, related to 1...