SUSE-SU-2026:21157-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.9.1 ESR bsc1261663. - MFSA 2026-27: CVE-2026-5731: memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2...

CVE-2026-40046

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

UBUNTU-CVE-2026-40046

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

CVE-2026-40046

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

CVE-2026-40046

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

CVE-2026-40046

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

CVE-2026-5442

A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation VR Unsigned Long UL, instead of the expected VR Unsigned Short US, which allows extremely large dimensions to be processed. This causes an integer overflow during frame...

CVE-2026-5444

CVE-2026-5444 affects Orthanc’s PAM image parsing logic when processing a crafted PAM image embedded in a DICOM file. The vulnerability stems from multiplying image dimensions with 32-bit unsigned arithmetic, causing an integer overflow in the buffer size calculation. This can allocate a small bu...

EUVD-2026-20740

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: Low...

EUVD-2026-20736

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: Low...

EUVD-2026-20744

Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-20738

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: Low...

Orthanc 安全漏洞

Orthanc is a free open-source software developed by the Orthanc company. Orthanc has a security vulnerability, which stems from a heap buffer overflow in the DICOM image decoder. This vulnerability may lead to integer overflows and out-of-bound memory accesses during image decoding...

Orthanc 安全漏洞

Orthanc is a free open-source software developed by the Orthanc company. Orthanc has a security vulnerability, which stems from the PAM image parsing logic’s heap buffer overflow. This vulnerability may lead to integer overflow and larger write operations after small buffers are allocated during...

PT-2026-31631

A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation VR Unsigned Long UL, instead of the expected VR Unsigned Short US, which allows extremely large dimensions to be processed. This causes an integer overflow during frame...

Apache ActiveMQ 输入验证错误漏洞

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a vulnerability in input validation of Apache ActiveMQ, which stems from improper validation of the remaini...

SUSE CVE-2026-5732

Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1...

SUSE CVE-2026-24450

An integer overflow vulnerability exists in the uncompressedfpdngloadraw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2026-5909

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: Low...

CVE-2026-5908

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: Low...