
65174 matches found

EUVD
added 2026/04/29 6:51 p.m. | 1 view

EUVD-2026-26277

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service permanent IP task freeze requiring hardware reset ...

8.1 CVSS | 5.3 AI score | 0.00023 EPSS
Exploits: 0 | References: 3

IBM Security Bulletins
added 2026/04/29 6:41 p.m. | 2 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps

Summary: Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2.1. Vulnerability Details: CVEID: CVE-2026-33306. DESCRIPTION: bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt...

8.7 CVSS | 6.3 AI score | 0.0004 EPSS
Exploits: 1 | Affected Software: 3

CVE
added 2026/04/29 6:36 p.m. | 6 views

CVE-2026-7423

The CVE affects FreeRTOS-Plus-TCP: an integer underflow in ICMP/ICMPv6 echo reply handling prior to V4.4.1 and V4.2.6. Subtracting header sizes from a packet length without validating size enables a heap out-of-bounds read (~65KB), allowing an adjacent attacker to cause a device crash (DoS) when ...

6.5 CVSS | 5.2 AI score | 0.00025 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/04/29 6:36 p.m. | 3 views

CVE-2026-7423 Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP

Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service device crash when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without...

6 CVSS | 5.2 AI score | 0.00025 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2026/04/29 4:12 p.m. | 2 views

firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...

8.8 CVSS | 5.3 AI score | 0.00046 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2026/04/29 3:44 p.m. | 4 views

firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...

8.8 CVSS | 5.3 AI score | 0.00046 EPSS
Exploits: 0 | References: 6

OSV
added 2026/04/29 2:35 p.m. | 1 view

OPENSUSE-SU-2026:20652-1 Security update for openexr

This update for openexr fixes the following issues:
- CVE-2026-40244: integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (bsc#1262426).
- CVE-2026-40250: integer overflow in DWA decoder outBufferEnd pointer arithmetic (bsc#1262425)...

8.4 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits: 0 | References: 4

OSV
added 2026/04/29 2:30 p.m. | 4 views

SUSE-SU-2026:21433-1 Security update for openexr

This update for openexr fixes the following issues:
- CVE-2026-40244: integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (bsc#1262426).
- CVE-2026-40250: integer overflow in DWA decoder outBufferEnd pointer arithmetic (bsc#1262425)...

8.4 CVSS | 5.9 AI score | 0.00033 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2026/04/29 1:20 p.m. | 3 views

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

7.8 CVSS | 5.7 AI score | 0.00005 EPSS
Exploits: 0 | References: 4

OSV
added 2026/04/29 9:59 a.m. | 3 views

CLSA-2026-1777456776 glibc: Fix of CVE-2021-35942

CVE-2021-35942: fix integer overflow in wordexp positional parameter number...

9.1 CVSS | 6.8 AI score | 0.01407 EPSS
Exploits: 0 | References: 1

OSV
added 2026/04/29 9:46 a.m. | 3 views

CLSA-2026-1777455968 exiv2: Fix of CVE-2026-27631

CVE-2026-27631: fix integer overflow in preview component of PSD image parser...

6.9 CVSS | 5.9 AI score | 0.00038 EPSS
Exploits: 0 | References: 1

OSV
added 2026/04/29 8:50 a.m. | 2 views

BIT-THRIFT-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow

Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.3 CVSS | 5.3 AI score | 0.00044 EPSS
Exploits: 0 | References: 3

OSV
added 2026/04/29 8:50 a.m. | 0 views

BIT-THRIFT-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.5 CVSS | 5.3 AI score | 0.00073 EPSS
Exploits: 0 | References: 3

Microsoft CVE
added 2026/04/29 8:11 a.m. | 1 view

Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling

...

7.8 CVSS | 5.8 AI score | 0.00005 EPSS
Exploits: 0

OSV
added 2026/04/29 7:2 a.m. | 6 views

CLSA-2026-1777446167 pixman: Fix of CVE-2022-44638

CVE-2022-44638: Integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write in rasterize_edges_8...

8.8 CVSS | 5.9 AI score | 0.00369 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/04/29 1:49 a.m. | 1 view

CVE-2026-7340

An integer overflow flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497896137...

5.4 CVSS | 5.2 AI score | 0.0001 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/04/29 12:0 a.m. | 4 views

FreeRTOS-Plus-TCP numeric error vulnerability

FreeRTOS-Plus-TCP is an extensible, open-source TCP/IP stack designed for use with FreeRTOS. Versions prior to 4.4.1 and 4.2.6 of FreeRTOS-Plus-TCP contained a numerical error vulnerability. This vulnerability stemmed from integer overflows in the ICMP and ICMPv6 echo reply handlers, which could...

6.5 CVSS | 5.8 AI score | 0.00025 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/04/29 12:0 a.m. | 3 views

FreeRTOS-Plus-TCP numeric error vulnerability

FreeRTOS-Plus-TCP is an extensible, open-source, and thread-safe TCP/IP stack designed for use with FreeRTOS. Versions prior to V4.4.1 and V4.2.6 of FreeRTOS-Plus-TCP contained a numerical error vulnerability. This vulnerability stemmed from integer underflow in the DHCPv6 sub-option parser, whic...

8.1 CVSS | 5.8 AI score | 0.00023 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/29 12:0 a.m. | 3 views

CVE-2026-37555

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with a (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to...

5.7 AI score | 0.00047 EPSS
Exploits: 1 | References: 3

CVE
added 2026/04/29 12:0 a.m. | 9 views

CVE-2026-37555

The CVE-2026-37555 entry describes a vulnerability in libsndfile 1.2.2’s IMA ADPCM codec. The AIFF path was fixed via a (sf_count_t) cast, but the WAV and close paths remain vulnerable. When samplesperblock (int) * blocks (int) exceeds INT_MAX, a 32-bit multiplication overflows before assignment ...

7.5 CVSS | 5.8 AI score | 0.00047 EPSS
Exploits: 1 | References: 3 | Affected Software: 1