65980 matches found

Cvelist
added 2026/03/23 3:50 p.m. 23 views

CVE-2026-32845 jkuhlmann / cgltf <= 1.15 Sparse Accessor Validation Integer Overflow

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltfvalidate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

8.4 CVSS, 0.00018 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/23 3:50 p.m. 2 views

CVE-2026-32845

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltfvalidate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

8.4 CVSS, 6 AI score, 0.00018 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2026/03/23 3:50 p.m. 1 view

CVE-2026-32845 jkuhlmann / cgltf <= 1.15 Sparse Accessor Validation Integer Overflow

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltfvalidate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

8.4 CVSS, 6 AI score, 0.00018 EPSS
Exploits: 0, References: 2
OSV
added 2026/03/23 2:52 p.m. 5 views

CLSA-2026-1774021165 expat: Fix of CVE-2026-25210

CVE-2026-25210: fix memory corruption via integer overflow in doContent function during tag buffer reallocation...

7.8 CVSS, 7.5 AI score, 0.00007 EPSS
Exploits: 0, References: 1
CloudLinux
added 2026/03/23 2:52 p.m. 5 views

expat: Fix of CVE-2026-25210

CVE-2026-25210: fix memory corruption via integer overflow in doContent function during tag buffer reallocation...

7.8 CVSS, 6 AI score, 0.00007 EPSS
Exploits: 0
OSV
added 2026/03/23 2:50 p.m. 7 views

CLSA-2026-1773925534 expat: Fix of CVE-2026-25210

Fix CVE-2026-25210: integer overflow in doContent tag buffer reallocation...

7.8 CVSS, 7.5 AI score, 0.00007 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2026/03/23 1:0 p.m. 2 views

CVE-2026-25075

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...

8.7 CVSS, 5.9 AI score, 0.00248 EPSS
Exploits: 2, References: 2
OSV
added 2026/03/23 11:51 a.m. 4 views

CLSA-2026-1774266713 exiv2: Fix of 2 CVEs

CVE-2026-25884: fix out-of-bounds read in CRW image parser - CVE-2026-27596: fix integer underflow in preview component...

8.1 CVSS, 5.8 AI score, 0.00063 EPSS
Exploits: 1, References: 1
OSV
added 2026/03/23 11:40 a.m. 4 views

CLSA-2026-1774266009 exiv2: Fix of 2 CVEs

CVE-2026-25884: fix out-of-bounds read in CRW image parser - CVE-2026-27596: fix integer underflow in preview component...

8.1 CVSS, 5.8 AI score, 0.00063 EPSS
Exploits: 1, References: 1
OSV
added 2026/03/23 9:44 a.m. 4 views

OPENSUSE-SU-2026:20410-1 Security update for exiv2

This update for exiv2 fixes the following issues: Update to exiv2 0.28.8: - CVE-2024-24826: out-of-bounds read in QuickTimeVideo: NikonTagsDecoder bsc1219870. - CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo: multipleEntriesDecoder bsc1219871. - CVE-2024-39695:...

9.8 CVSS, 6.1 AI score, 0.01101 EPSS
Exploits: 3, References: 18
OSV
added 2026/03/23 9:43 a.m. 0 views

SUSE-SU-2026:20923-1 Security update for exiv2

This update for exiv2 fixes the following issues: Update to exiv2 0.28.8: - CVE-2024-24826: out-of-bounds read in QuickTimeVideo: NikonTagsDecoder bsc1219870. - CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo: multipleEntriesDecoder bsc1219871. - CVE-2024-39695:...

9.8 CVSS, 6.2 AI score, 0.01101 EPSS
Exploits: 3, References: 19
Microsoft CVE
added 2026/03/23 7:45 a.m. 6 views

Chromium: CVE-2026-4464 Integer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0
Microsoft CVE
added 2026/03/23 7:45 a.m. 2 views

Chromium: CVE-2026-4452 Integer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS, 5.8 AI score, 0.00035 EPSS
Exploits: 0
OSV
added 2026/03/23 6:30 a.m. 5 views

GHSA-8G7P-JF3G-GXCP jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

8.7 CVSS, 5.9 AI score, 0.00078 EPSS
Exploits: 1, References: 6
Vulnrichment
added 2026/03/23 5:0 a.m. 1 view

CVE-2026-4603

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations e.g., verify and encryption to collapse to...

5.9 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 1, References: 4
CVE
added 2026/03/23 5:0 a.m. 30 views

CVE-2026-4599

JSrsasign versions 7.0.0–11.0.x are vulnerable due to Incomplete Comparison with Missing Factors in src/crypto-1.1.js: getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax perform incorrect compareTo checks that accept out-of-range candidates, biasing DSA nonces and enabling private key r...

9.3 CVSS, 5.8 AI score, 0.00057 EPSS
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/03/23 2:34 a.m. 2 views

SUSE-SU-2026:0955-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: Update to 3.51.3: - CVE-2025-7709: Integer Overflow in FTS5 Extension bsc1254670. - CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation bsc1259619. Changelog: Fix the WAL-reset database corruption bug...

7.5 CVSS, 5.8 AI score, 0.00086 EPSS
Exploits: 1, References: 5
SUSE Linux
added 2026/03/23 2:34 a.m. 2 views

Security update for sqlite3

This update for sqlite3 fixes the following issues: Update to 3.51.3: CVE-2025-7709: Integer Overflow in FTS5 Extension bsc1254670. CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation bsc1259619. Changelog: Fix the WAL-reset database corruption bug:...

6.9 CVSS, 5.8 AI score, 0.00086 EPSS
Exploits: 1, References: 8
Tenable Nessus
added 2026/03/23 12:0 a.m. 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: gimp (UTSA-2026-006278)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006278 advisory. GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...

7.8 CVSS, 7.7 AI score, 0.00096 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2026/03/23 12:0 a.m. 8 views

PT-2026-27054

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

8.7 CVSS, 5.8 AI score, 0.00078 EPSS
Exploits: 1, References: 5