UBUNTU-CVE-2026-43341

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6filltracedata stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps...

CVE-2026-37459

A flaw was found in FRRouting FRR. An unauthenticated remote attacker can exploit an integer underflow vulnerability by supplying a specially crafted BGP Border Gateway Protocol UPDATE message. This issue can lead to a Denial of Service DoS. Mitigation Red Hat has investigated whether a possible...

CVE-2026-41509 Integer underflow in crypto_sign_open() leads to buffer overflow

CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in cryptosignopen caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7...

CVE-2026-41509 Integer underflow in crypto_sign_open() leads to buffer overflow

CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in cryptosignopen caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7...

CVE-2026-41509

The CVE-2026-41509 entry concerns the CROSS implementation of the CROSS post-quantum signature algorithm. A buffer overflow in crypto_sign_open() was caused by an underflow of the length field (mlen) before commit fc6b7e7. This underflow vulnerability could enable an overflow during signature ver...

JLSEC-2026-491

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...

JLSEC-2026-490

Little CMS aka Little Color Management System 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile...

stb-image-cwe190-poc

PoC — stbimage v2.30 stbiconvertformat16 integer overf...

CLSA-2026-1778240890 gnutls: Fix of CVE-2026-33845

CVE-2026-33845: fix DTLS handshake parsing integer underflow leading to OOB read...

CLSA-2026-1778239503 gnutls: Fix of CVE-2026-33845

CVE-2026-33845: fix DTLS handshake parsing integer underflow leading to OOB read...

CVE-2026-37540

A flaw was found in OpenAMP. An integer overflow vulnerability exists in the ELF loader's firmware image parsing, specifically within elfloader.c. This flaw occurs when multiplying two attacker-controlled 16-bit values from the ELF header without proper overflow checking. On 32-bit embedded...

EUVD-2026-28536

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

UBUNTU-CVE-2026-44927

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

CVE-2026-44927

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

CVE-2026-44927

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

CVE-2026-44927

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

CVE-2026-44927

Affected software: uriparser prior to 1.0.2. Issue: pointer difference truncation to int in multiple locations, as described in CVE-2026-44927 and corroborated by PT-2026-38681. Potential impact: memory calculation/size-related issues; explicit exploit details are not provided in the documents. R...

BIT-JRE-2026-23865

An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...

BIT-JRE-2025-6052 Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...

BIT-JRE-2025-6021 Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...