
663 matches found

Microsoft CVE
added 2026/01/14 9:3 a.m. | 5 views

LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*

...

CVSS 7.8 | AI score 5.4 | EPSS 0.00023
Exploits: 0
Tenable Nessus
added 2026/01/13 12:0 a.m. | 2 views

MiracleLinux 8 : mingw-sqlite-3.26.0.0-2.el8_10 (AXSA:2025-10765:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10765:01 advisory. sqlite: Integer Truncation in SQLite (CVE-2025-6965). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVSS 9.8 | AI score 7 | EPSS 0.01689
Exploits: 3 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 2 views

MiracleLinux 9 : sqlite-3.34.1-9.el9_7 (AXSA:2025-11450:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11450:04 advisory. sqlite: Integer Truncation in SQLite (CVE-2025-6965). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVSS 9.8 | AI score 7 | EPSS 0.01689
Exploits: 3 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 2 views

MiracleLinux 9 : nodejs:22 (AXSA:2025-10673:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10673:01 advisory. sqlite: Integer Truncation in SQLite (CVE-2025-6965). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVSS 9.8 | AI score 7.1 | EPSS 0.01689
Exploits: 3 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 4 views

MiracleLinux 8 : sqlite-3.26.0-20.el8_10 (AXSA:2025-10668:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10668:02 advisory. sqlite: Integer Truncation in SQLite (CVE-2025-6965). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVSS 9.8 | AI score 7 | EPSS 0.01689
Exploits: 3 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 2 views

MiracleLinux 9 : sqlite-3.34.1-8.el9_6 (AXSA:2025-10658:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10658:01 advisory. sqlite: Integer Truncation in SQLite (CVE-2025-6965). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVSS 9.8 | AI score 7 | EPSS 0.01689
Exploits: 3 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 1 views

MiracleLinux 8 : nodejs:22 (AXSA:2025-10653:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10653:01 advisory. sqlite: Integer Truncation in SQLite (CVE-2025-6965). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVSS 9.8 | AI score 7.1 | EPSS 0.01689
Exploits: 3 | References: 2
OSV
added 2026/01/12 11:15 p.m. | 3 views

AZL-74283 CVE-2026-22801 affecting package libpng for versions less than 1.6.54-1

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit that causes heap buffer...

CVSS 7.8 | AI score 6.2 | EPSS 0.00023
Exploits: 0 | References: 1
OSV
added 2026/01/12 11:15 p.m. | 3 views

AZL-74499 CVE-2026-22801 affecting package gdal 3.6.3-5

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit that causes heap buffer...

CVSS 7.8 | AI score 6.3 | EPSS 0.00023
Exploits: 0 | References: 1
UbuntuCve
added 2026/01/12 11:15 p.m. | 4 views

CVE-2026-22801

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit that causes heap buffer...

CVSS 7.8 | AI score 6 | EPSS 0.00023
Exploits: 0 | References: 5
CVE
added 2026/01/12 10:57 p.m. | 38 views

CVE-2026-22801

From the connected documents: LIBPNG versions 1.6.26–1.6.53 contain an integer truncation in the simplified write API (png_write_image_16bit and png_write_image_8bit) that can cause a heap over-read when the caller provides a negative row stride (bottom-up layouts) or a stride > 65535 bytes. T...

CVSS 7.8 | AI score 6.7 | EPSS 0.00023
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/01/12 10:57 p.m. | 6 views

CVE-2026-22801 LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit that causes heap buffer...

CVSS 6.8 | AI score 6.7 | EPSS 0.00023
Exploits: 0 | References: 1
Cvelist
added 2026/01/12 10:57 p.m. | 17 views

CVE-2026-22801 LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit that causes heap buffer...

CVSS 6.8 | EPSS 0.00023
Exploits: 0 | References: 1
CNNVD
added 2026/01/12 12:0 a.m. | 2 views

libpng input validation error vulnerability

libpng is an open-source PNG reference library from the PNG Development Group that supports creating, reading and writing PNG graphics files. An input validation error vulnerability exists in libpng versions 1.6.26 through 1.6.53, which stems from an integer truncation in...

CVSS 7.8 | AI score 6.8 | EPSS 0.00023
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 10:52 a.m. | 4 views

CVE-2022-42324

Oxenstored 32-31 bit integer truncation issues. Integers in OCaml are 63 or 31 bits of signed precision. The OCaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an OCaml integer. In 64-bit OCaml builds this is fine, but in 32-bit builds, it truncates off the most...

CVSS 5.5 | AI score 6.7 | EPSS 0.00039
Exploits: 0 | References: 1
IBM Security Bulletins
added 2026/01/06 12:1 p.m. | 5 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by improper access control and integer truncation issues due to flaw in Apache Xalan

Summary: Apache Xalan in Logstash is used by IBM Operations Analytics - Log Analysis as part of the data transformation and integration. CVE-2014-0107, CVE-2022-34169. Vulnerability Details: CVEID: CVE-2014-0107. DESCRIPTION: The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly...

CVSS 7.5 | AI score 9.6 | EPSS 0.10953
Exploits: 4 | Affected Software: 1
Tenable Nessus
added 2026/01/06 12:0 a.m. | 4 views

RHEL 8 : spice-client-win (RHSA-2026:0077)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0077 advisory. Spice client MSI installers for Windows clients. Security Fixes: sqlite: Integer Truncation in SQLite (CVE-2025-6965); libtiff: LibTIFF...

CVSS 9.8 | AI score 6.6 | EPSS 0.01689
Exploits: 5 | References: 10
IBM Security Bulletins
added 2026/01/02 6:17 p.m. | 11 views

Security Bulletin: Rational Performance Tester contains a vulnerability which could lead to potential remote code execution

Summary: Due to the use of the Apache Xalan Java XSLT library, Rational Performance Tester contains a vulnerability that could lead to potential remote code execution. Vulnerability Details: CVEID: CVE-2022-34169. DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execut...

CVSS 7.5 | AI score 8.1 | EPSS 0.10953
Exploits: 2 | Affected Software: 1
Microsoft CVE
added 2025/11/29 9:3 a.m. | 4 views

node-forge ASN.1 OID Integer Truncation

...

CVSS 6.3 | AI score 7 | EPSS 0.00074
Exploits: 0
Vulnrichment
added 2025/11/26 10:23 p.m. | 2 views

CVE-2025-66030 node-forge ASN.1 OID Integer Truncation

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...

CVSS 6.3 | AI score 6.5 | EPSS 0.00074
Exploits: 0 | References: 2