
65738 matches found

FreeBSD
added 2026/04/18 12:0 a.m. | 5 views

lcms2 -- Integer overflow

https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0 reports: Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...

CVSS 7.5 | AI score 5.4 | EPSS 0.00045
Exploits: 1 | References: 1

CNNVD
added 2026/04/18 12:0 a.m. | 4 views

Little CMS security vulnerability

Little CMS (either lcms or liblcms) is an open-source color management system developed by Marti Maria. This system offers features such as black-point compensation, processing of various pixel formats, and configuration file editing. Versions of Little CMS prior to 2.18 contained a security...

CVSS 7.5 | AI score 5.8 | EPSS 0.00045
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/18 12:0 a.m. | 3 views

PT-2026-33596

Name of the Vulnerable Software and Affected Versions: Little CMS lcms2 versions prior to 2.19. Description: An integer overflow occurs in the CubeSize calculation within the cmslut.c file because the overflow check is executed after the multiplication operation. Recommendations: Update to a version...

CVSS 7.5 | AI score 5.8 | EPSS 0.00045
Exploits: 1 | References: 28

Snyk
added 2026/04/17 11:40 p.m. | 5 views

Integer Underflow (Wrap or Wraparound)

Overview: Affected versions of this package are vulnerable to Integer Underflow (Wrap or Wraparound) in the ParseHttpHeaders process. An attacker can cause the application to read memory outside the bounds of the allocated HTTP request buffer by sending a specially crafted SOAPAction header containi...

CVSS 9.1 | AI score 5.9 | EPSS 0.00054
Exploits: 0 | References: 2

NVD
added 2026/04/17 10:16 p.m. | 1 view

CVE-2026-5720

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting...

CVSS 9.1 | EPSS 0.00054
Exploits: 0 | References: 3

OSV
added 2026/04/17 10:16 p.m. | 2 views

DEBIAN-CVE-2026-5720

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting...

CVSS 9.1 | AI score 5.4 | EPSS 0.00054
Exploits: 0 | References: 1

UbuntuCve
added 2026/04/17 10:16 p.m. | 1 view

CVE-2026-5720

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting...

CVSS 9.1 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 1

OSV
added 2026/04/17 10:16 p.m. | 2 views

UBUNTU-CVE-2026-5720

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting...

CVSS 9.1 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/17 9:39 p.m. | 3 views

CVE-2026-5720 miniupnpd Integer Underflow SOAPAction Header Parsing

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting...

CVSS 7.1 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 3

CVE
added 2026/04/17 9:39 p.m. | 33 views

CVE-2026-5720

The CVE-2026-5720 issue affects the MiniUPnP daemon (miniupnpd). The vulnerability is an integer underflow in SOAPAction header parsing within ParseHttpHeaders(), where improper length validation can cause an underflow to a large unsigned value and an out-of-bounds memchr() read. This can lead to...

CVSS 9.1 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2026/04/17 9:39 p.m. | 2 views

CVE-2026-5720

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting...

CVSS 9.1 | AI score 5.4 | EPSS 0.00054
Exploits: 0

RedhatCVE
added 2026/04/17 7:34 p.m. | 2 views

CVE-2026-28214

A flaw was found in Firebird, an open-source relational database management system. An authenticated user with INSERT privileges on any table can exploit this vulnerability by sending a specially crafted Batch Parameter Block. This action causes an integer overflow in the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00072
Exploits: 1 | References: 2

OSV
added 2026/04/17 5:30 p.m. | 5 views

CLSA-2026-1773928447 expat: Fix of CVE-2026-25210

CVE-2026-25210: fix integer overflow in tag buffer reallocation in doContent function...

CVSS 7.8 | AI score 7.4 | EPSS 0.00007
Exploits: 0 | References: 1

OSV
added 2026/04/17 3:47 p.m. | 2 views

JLSEC-2026-150

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed-in buffer would be overwritten due to an integer underflow...

CVSS 7.4 | AI score 5.7 | EPSS 0.00008
Exploits: 1 | References: 2

OSV
added 2026/04/17 3:47 p.m. | 2 views

JLSEC-2026-152 In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote...

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs...

CVSS 4 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 3

OSV
added 2026/04/17 3:19 p.m. | 3 views

JLSEC-2026-130

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths...

CVSS 5.5 | AI score 6.6 | EPSS 0.0053
Exploits: 0 | References: 10

OSV
added 2026/04/17 1:48 p.m. | 4 views

CLSA-2026-1776433691 gstreamer1: Fix of CVE-2024-47606

CVE-2024-47606: fix integer overflow when allocating sysmem...

CVSS 9.8 | AI score 5.9 | EPSS 0.00724
Exploits: 0 | References: 1

OSV
added 2026/04/17 1:7 p.m. | 3 views

JLSEC-2026-125 In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer...

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size...

CVSS 4.5 | AI score 6 | EPSS 0.0032
Exploits: 0 | References: 7

OSV
added 2026/04/17 1:7 p.m. | 3 views

JLSEC-2026-126 In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications...

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

CVSS 4.5 | AI score 5.8 | EPSS 0.00414
Exploits: 1 | References: 6

OSV
added 2026/04/17 1:2 p.m. | 0 views

OESA-2026-1959 openjpeg2 security update

OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group (JPEG). Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000...

CVSS 4.8 | AI score 5.2 | EPSS 0.00017
Exploits: 0 | References: 2