CVE-2026-27596 Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra...

SUSE-SU-2026:0703-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2026-0716: improper bounds handling may allow out-of-bounds read bsc1256418. - CVE-2025-4476: null pointer dereference may lead to denial of service bsc1243422. - CVE-2025-32049: denial of Service attack to websocket server bsc1240751. -...

CVE-2026-27710

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s .NET Single File Application parser. A crafted bundle can force an integer underflow in header-size calculation and trigger...

CVE-2026-27710

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s .NET Single File Application parser. A crafted bundle can force an integer underflow in header-size calculation and trigger...

CVE-2026-27710 NanaZip .NET Single-File Parser Integer Underflow Leads to Unbounded Allocation (DoS)

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s .NET Single File Application parser. A crafted bundle can force an integer underflow in header-size calculation and trigger...

CVE-2026-27710

CVE-2026-27710 affects NanaZip prior to fixed versions 6.0.1638.0 and 6.5.1638.0, where the ".NET Single File Application" parser is vulnerable to a denial-of-service due to an integer underflow in header-size calculation, which can trigger an unbounded memory allocation when opening a crafted bu...

OpenEXR 安全漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions 3.3.0 to 3.3.6 and 3.4.0 to 3.4.4 of OpenEXR contain security vulnerabilities. These vulnerabilities stem from integer underflow during the parsing of malformed EXR...

CVE-2025-14547

An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service...

CVE-2025-14055

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet...

CVE-2025-14055

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet...

CVE-2025-14055

CVE-2025-14055 concerns an integer underflow in Silicon Labs Secure NCP host implementation that can cause a buffer overread when processing a specially crafted packet. The affected component is the Secure NCP host software; the underlying cause is an underflow leading to reading beyond the alloc...

CVE-2025-14055

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet...

CVE-2025-14055 Integer underflow in Secure NCP host

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet...

CVE-2025-14055 Integer underflow in Secure NCP host

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet...

CVE-2025-14547 ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA Crypto and SE Manager APIs

An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service...

CVE-2025-14547 ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA Crypto and SE Manager APIs

An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service...

CVE-2025-14547

CVE-2025-14547 : An integer underflow in Silicon Labs’ PSA Crypto and SE Manager EC‑JPAKE APIs during ZKP parsing can trigger a hard fault, causing a temporary denial of service. Affected: Silicon Labs PSA Crypto and SE Manager EC‑JPAKE APIs. Root cause: integer underflow during ZKP parsing. Impa...

PT-2026-21016

Name of the Vulnerable Software and Affected Versions Silicon Labs PSA Crypto and SE Manager versions affected versions not specified Description An integer underflow issue exists in the EC-JPAKE APIs during ZKP parsing within Silicon Labs’ PSA Crypto and SE Manager implementation. Exploitation o...

PT-2026-21018

Name of the Vulnerable Software and Affected Versions Silicon Labs Secure NCP versions affected versions not specified Description An integer underflow in the Silicon Labs Secure NCP host implementation can lead to a buffer overread when processing a crafted packet. Recommendations At the moment,...

Silicon Labs Simplicity SDK 安全漏洞

Silicon Labs Simplicity SDK is a core software development kit provided by Silicon Labs, Inc. in the United States. The Silicon Labs Simplicity SDK has a security vulnerability that stems from integer underflow, which may lead to excessive buffer reads through specially crafted data packets...