Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001277)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001277 advisory. The xfsdinodeverify function in fs/xfs/libxfs/xfsinodebuf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service xfsilockattrmapshared...

SUSE CVE-2016-10270

LibTIFF 4.0.7 allows remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tifread.c:523:22...

SUSE CVE-2021-39257

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain starting from ntfsattrpwrite, causing stack consumption in NTFS-3G 2021.8.22...

SUSE CVE-2021-39258

A crafted NTFS image can cause out-of-bounds reads in ntfsattrfind and ntfsexternalattrfind in NTFS-3G 2021.8.22...

CVE-2021-1880

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution...

AZL-6765 CVE-2021-39260 affecting package ntfs-3g for versions less than 2021.8.22-1

A crafted NTFS image can cause an out-of-bounds access in ntfsinodesyncstandardinformation in NTFS-3G 2021.8.22...

DEBIAN-CVE-2021-39251

A crafted NTFS image can cause a NULL pointer dereference in ntfsextentinodeopen in NTFS-3G 2021.8.22...

CVE-2020-29385

GNOME gdk-pixbuf aka GdkPixbuf before 2.42.2 allows a denial of service infinite loop in lzw.c in the function writeindexes. if c-selfcode equals 10, self-codetable10.extends will assign the value 11 to c. The next execution in the loop will assign self-codetable11.extends to c, which will give t...

CVE-2020-29385

GNOME gdk-pixbuf aka GdkPixbuf before 2.42.2 allows a denial of service infinite loop in lzw.c in the function writeindexes. if c-selfcode equals 10, self-codetable10.extends will assign the value 11 to c. The next execution in the loop will assign self-codetable11.extends to c, which will give t...

CVE-2020-12655

An issue was discovered in xfsagfverify in fs/xfs/libxfs/xfsalloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767...

DEBIAN-CVE-2019-13108

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service SIGSEGV via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset...

CVE-2016-9560

Stack-based buffer overflow in the jpctsfbgetbands2 function in jpctsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image...

UBUNTU-CVE-2016-8698

Heap-based buffer overflow in the bmreadbodybmp function in bitmapio.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703...

DEBIAN-CVE-2016-3620

The ZIPEncode function in tifzip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service buffer over-read via a crafted BMP image...

CVE-2015-0848

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted BMP image...

CVE-2010-4262

Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a FIG image with a crafted color definition...

CVE-2010-3851

libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted 1 qcow2, 2 VMDK, or 3 VDI header, related to lack of support for a dis...

CVE-2009-2294

Integer overflow in the Pngdatainfocallback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a PNG image with crafted 1 width or 2 height values...

CVE-2009-2294

Integer overflow in the Pngdatainfocallback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a PNG image with crafted 1 width or 2 height values...

DEBIAN-CVE-2008-0553

Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk Tcl/Tk before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484...