671 matches found
PT-2026-38773
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
PT-2026-38681
Name of the Vulnerable Software and Affected Versions uriparser versions prior to 1.0.2 Description The software contains pointer difference truncation to int in various locations. Recommendations Update to version 1.0.2 or later...
BIT-JAVA-MIN-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
BIT-JAVA-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
PT-2026-37752
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
PT-2026-37959
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
Astra Linux – Vulnerability in openjdk-11, bcel
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
CLSA-2026-1777395036 ImageMagick: Fix of 2 CVEs
CVE-2026-33900: integer truncation/wraparound in the viff encoder that could trigger an out-of-bounds heap write on 32-bit builds GHSA-v67w-737x-v2c9; upstream b6c01a5a23f1e350ebe2db78c7cc326db2e320c9 - CVE-2026-33905: out-of-bounds read in SampleImage when sample:offset is set via -sample define...
libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API
A flaw was found in libpng, a reference library for PNG Portable Network Graphics raster image files. An integer truncation vulnerability exists in the pngwriteimage16bit and pngwriteimage8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row...
libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API
A flaw was found in libpng, a reference library for PNG Portable Network Graphics raster image files. An integer truncation vulnerability exists in the pngwriteimage16bit and pngwriteimage8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row...
CVE-2026-26178
Integer size truncation in Windows Advanced Rasterization Platform WARP allows an unauthorized attacker to elevate privileges locally...
PT-2026-32755
CVE-2026-26178 Integer size truncation in Windows Advanced Rasterization Platform WARP allows an unauthorized attacker to elevate privileges locally. https://t.co/6dbFxYiIih...
UBUNTU-CVE-2026-33900
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a...
CVE-2026-33900
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a...
CVE-2026-33900
CVE-2026-33900 affects ImageMagick’s VIFF encoder. A 32-bit build can trigger an integer truncation/wraparound that causes an out-of-bounds heap write, potentially crashing the process. The vulnerability is fixed in ImageMagick releases 6.9.13-44 and 7.1.2-19. OpenSUSE and Debian-related advisori...
CVE-2026-33900
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a...
PT-2026-32524
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-44 ImageMagick versions prior to 7.1.2-19 Description The viff encoder contains an integer truncation or wraparound issue on 32-bit builds. This can trigger an out of bounds heap write, potentially causing ...
ImageMagick 安全漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 7.1.2-19 and 6.9.13-44 contained security vulnerabilities. These vulnerabilities were due ...
curl: libcurl: Integer truncation in curl_easy_ssls_import() causes TLS sessions to never expire
Summary: curleasysslsimport deserializes a TLS session blob and stores it in the in-memory session cache. In Curlsslsessionunpack lib/vtls/vtlsspack.c:311, the validuntil field is read as uint64t and cast directly to curlofft int64t with no bounds check — so a crafted blob encoding validuntil =...
CVE-2026-23457
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntracksip module. This vulnerability arises from an integer truncation error when processing the Content-Length header in Session Initiation Protocol SIP messages. On 64-bit systems, large Content-Length valu...