CVE-2026-46384

CVE-2026-46384 affects iskorotkov/avro (Go) prior to v2.33.0. The root causes are integer overflow and narrowing in Avro decoding paths, including: ReadBlockHeader narrowing on 32-bit targets; cumulative size overflow in arrayDecoder.Decode / mapDecoder.Decode / mapDecoderUnmarshaler.Decode; MinI...

CVE-2026-46384 iskorotkov/avro: Integer Overflow in Avro Decoder

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

mingw-glib2 security update

An update is available for mingw-glib2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GLib provides the core application building blocks for libraries and...

RLSA-2026:18344 Moderate: mingw-glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: Integer overflow in in...

RLSA-2026:18162 Moderate: iputils security update

The iputils packages contain basic utilities for monitoring a network, including ping. Security Fixes: iputils: iputils integer overflow CVE-2025-48964 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE...

iputils security update

An update is available for iputils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The iputils packages contain basic utilities for monitoring a network,...

libtiff security update

An update is available for libtiff. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libtiff packages contain a library of functions for manipulating Tagged...

glib2 security update

An update is available for glib2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GLib provides the core application building blocks for libraries and...

libsndfile security update

An update is available for libsndfile. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libsndfile is a C library for reading and writing files containing sample...

RLSA-2026:19150 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

RLSA-2026:19148 Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...

RLSA-2026:19560 Important: libsndfile security update

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fixes: libsndfile: integer overflow in imareaderinit CVE-2026-37555 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

Security update for openexr

This update for openexr fixes the following issue CVE-2026-41142: integer overflow in ImageChannel: resize can lead to a heap out-of-bounds write via OpenEXRUtil public API bsc1264356. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

SUSE-SU-2026:2114-1 Security update for openexr

This update for openexr fixes the following issue - CVE-2026-41142: integer overflow in ImageChannel: resize can lead to a heap out-of-bounds write via OpenEXRUtil public API bsc1264356...

OESA-2026-2505 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

OESA-2026-2503 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

OESA-2026-2502 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

OESA-2026-2483 hplip security update

The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals. Security Fixes: A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the us...

RUSTSEC-2026-0151 Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms

On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. This could allow arbitrary code execution. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use...

batman-adv: fix integer overflow on buff_pos

...