PT-2026-23916
A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif decoder.c. Such manipulation of the argument canvas height leads to integer overflow. Local access is required to approach this attack. The exploit is...
Crypt::Sodium::XS security vulnerability
Crypt::Sodium::XS is a Perl encryption library for modern cryptography functions developed by IAMB’s individual developers. Versions of Crypt::Sodium::XS prior to 0.001000 contained security vulnerabilities, which were caused by integer overflows, potentially leading to buffer overflows or crashe...
PT-2026-23906
Name of the Vulnerable Software and Affected Versions Crypt::Sodium::XS versions through 0.001000 Description The Crypt::Sodium::XS Perl module is susceptible to integer overflows in combined aead encryption, combined signature creation, and bin2hex functions. These functions do not verify that t...
OPENSUSE-SU-2026:20332-1 Security update for chromium
This update for chromium fixes the following issues: Changes in chromium: - Chromium 145.0.7632.159 boo1259213 CVE-2026-3536: Integer overflow in ANGLE CVE-2026-3537: Object lifecycle issue in PowerVR CVE-2026-3538: Integer overflow in Skia CVE-2026-3539: Object lifecycle issue in DevTools...
CVE-2026-28497
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine (_Val) allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...
Chromium: CVE-2026-3538 Integer overflow in Skia
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-3536 Integer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
SUSE SLES16 Security Update : expat (SUSE-SU-2026:20627-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20627-1 advisory. - CVE-2026-24515: failure to copy the encoding handler data passed to XMLSetUnknownEncodingHandler may cause a NULL dereference...
OESA-2026-1530 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...
OESA-2026-1529 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...
OESA-2026-1527 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...
CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine (_Val) allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...
CVE-2026-28497
TinyWeb (Delphi, Win32) before version 2.03 contains an integer overflow in the string-to-integer conversion routine (_Val) that enables an unauthenticated remote attacker to bypass Content-Length checks and perform HTTP Request Smuggling. This affects servers using persistent connections (Keep-A...
PT-2026-26457
Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description A flaw exists in the parsing of PSD files due to insufficient validation of user-supplied data, leading to an integer overflow before buffer allocation. This can allow a remote attacker to execu...
PT-2026-26461
Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description A flaw exists within the parsing of XPM files due to a lack of proper validation of user-supplied data, resulting in an integer overflow before buffer allocation. This can allow a remote attacke...
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of palette...
Google Android elevation of privilege vulnerability (CNVD-2026-19056)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by an out-of-bounds write due to an integer overflow in multiple functions of memprotect.c. The vulnerability is caused by an integer overflow in th...