JLSEC-2026-125 In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer...

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size...

OESA-2026-1959 openjpeg2 security update

OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group JPEG. Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000...

OESA-2026-1958 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

OESA-2026-1957 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

OESA-2026-1956 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

OESA-2026-1955 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow

...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007220)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007220 advisory. Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM md, raid, raid5 modules allows Forced Integer Overflow. Tenable has...

SUSE SLES15 / openSUSE 15 Security Update : corosync (SUSE-SU-2026:1394-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1394-1 advisory. - CVE-2026-35091: Denial of Service and information disclosure via crafted UDP packet bsc1261299. - CVE-2026-35092: Denial of...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007238)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007238 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftlimit: reject configurations that cause integer overflow Reject bogus configs where...

Fedora 43 : libcgif (2026-1a9f019f60)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1a9f019f60 advisory. Version 0.5.3 - Fix potential undefined behavior in cgifaddframe which could have led to an integer overflow CVE-2026-4985 Tenable has extracted the precedin...

OpenEXR -- several integer overflow vulnerabilities

Cary Phillips reports: OpenEXR 3.4.10 is a patch release that addresses the following security vulnerabilities: CVE-2026-39886 HTJ2K Signed Integer Overflow in htundoimpl CVE-2026-40244 Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic missed variant of CVE-2026-34589...

ROS-20260417-73-0050

Vulnerability in firefox related to integer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

JLSEC-2026-122

Integer overflow in libaom internal function imgallochelper can lead to heap buffer overflow. This function can be reached via 3 callers: - Calling aomimgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and...

SUSE CVE-2026-40915

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel...

Foxit, LibRaw vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco 's third-party vulnerability...

libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...

openexr security update

An update is available for openexr. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenEXR is an open-source high-dynamic-range floating-point image file forma...

RLSA-2026:7682 Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...

libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...