SUSE-SU-2025:02233-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2025-4373: integer overflow in the gstringinsertunichar function can lead to buffer underwrite and memory corruption bsc1242844...

CVE-2025-48172

CHMLib through 2bef8d0, as used in SumatraPDF and other products, has a chmlib.c chmdecompressblock integer overflow. There is a resultant heap-based buffer overflow in chmfetchbytes...

CVE-2025-48172

CHMLib through 2bef8d0, as used in SumatraPDF and other products, has a chmlib.c chmdecompressblock integer overflow. There is a resultant heap-based buffer overflow in chmfetchbytes...

AlmaLinux 9 : gstreamer1, gstreamer1-plugins-bad-free, gstreamer1-plugins-ugly-free, and gstreamer1-rtsp-server (ALSA-2025:7178)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7178 advisory. gstreamer: EXIF Metadata Parsing Integer Overflow CVE-2024-4453 gstreamer: AV1 Video Parsing Stack-based Buffer Overflow CVE-2024-0444 Tenable has extract...

SUSE-SU-2025:02167-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2025-6052: Fixed integer overflow in gstringmaybeexpand leads to potential buffer overflow in GString bsc1244596. - CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function gstringinsertunichar bsc1242844...

SQLite 3.44.0 < 3.49.1 Multiple Vulnerabilities

The version of SQLite installed on the remote host is 3.44.0 through 3.49.0 before 3.49.1. It is, therefore, affected by multiple vulnerabilities: - In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer...

CVE-2020-36846 IO::Compress::Brotli versions prior to 0.007 for Perl have an integer overflow in the bundled Brotli C library

A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a scrip...

CVE-2022-48333

Widevine Trusted Application TA 5.0.0 through 5.1.1 has a drmverifykeys prefixlen+featurenamelen integer overflow and resultant buffer overflow...

SUSE-SU-2025:01599-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with gdatetimenewfromiso8601 bsc1240897...

FreeBSD : WeeChat -- Multiple vulnerabilities (46594aa3-32f7-11f0-a116-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 46594aa3-32f7-11f0-a116-8447094a420f advisory. The Weechat project reports: Multiple integer and buffer overflows in WeeChat core. Tenable has extract...

CVE-2025-40907

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC...

CVE-2025-40907

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC...

CVE-2025-40907

CVE-2025-40907 affects FCGI 0.44–0.82 with the included fcgi2 library (libfcgi) in Perl-based FCGI; root cause is an integer overflow in ReadParams (fcgiapp.c), leading to a heap-based buffer overflow via crafted nameLen/valueLen. Public advisories indicate fixes across multiple distributions: De...

CVE-2025-48174

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size...

Gimp -- GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability

[email protected] reports: GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target...

CVE-2025-3360

CVE-2025-3360 : GLib2 contains an integer overflow and buffer under-read when parsing a long invalid ISO 8601 timestamp via g_date_time_new_from_iso8601(). Debian LTS notes a fix in glib2.0 for Bullseye (2.66.8-1+deb11u6); other advisories (e.g., Astra/IBM-related pages) reference GLib fixes. CVS...

CVE-2025-32050 Libsoup: integer overflow in append_param_quoted

A flaw was found in libsoup. The libsoup appendparamquoted function may contain an overflow bug resulting in a buffer under-read...

CVE-2024-45776

CVE-2024-45776 affects GRUB2’s language handling (grub_mofile_open): reading a language .mo file can overflow the internal buffer during allocation due to an unchecked integer overflow, leading to out-of-bounds reads/writes. Consequences described in the sources include leakage of sensitive data ...

PT-2025-16260

Name of the Vulnerable Software and Affected Versions: SQLite affected versions not specified Description: An integer overflow can be triggered in SQLite's concat ws function, leading to a Heap Buffer overflow of size 4GB, which can result in arbitrary code execution. This occurs because the...

Amazon Linux 2 : gstreamer1-plugins-base, --advisory ALAS2-2025-2747 (ALAS-2025-2747)

The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2747 advisory. GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has...