CVE-2026-31970

A flaw was found in HTSlib, a library used for handling bioinformatics file formats. A remote attacker could exploit an integer overflow vulnerability when a user opens a specially crafted GZI GZIP Index file. Exploiting this bug causes a heap buffer overflow. If a user opens a file crafted to...

[SECURITY] [DSA 6168-1] freetype security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6168-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 18, 2026 https://www.debian.org/security/faq -...

CVE-2026-31970

Summary: HTSlib’s GZI index loading path (bgzf_index_load_hfile) may overflow a heap buffer due to an integer overflow, causing a heap buffer overflow. This can crash the application, corrupt data, or potentially allow arbitrary code execution when a crafted GZI file is opened. Affected component...

Integer Overflow or Wraparound

Overview ujson is an Ultra fast JSON encoder and decoder for Python Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the indent parameter in the dumps, dump, or encode functions. An attacker can cause a crash or infinite loop by supplying large or negative...

UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop

Summary ujson.dumps crashes the Python interpreter segmentation fault when the product of the indent parameter and the nested depth of the input exceeds INT32MAX. It can also get stuck in an infinite loop if the indent is a large negative number. Both are caused by an integer overflow/underflow...

CLSA-2026-1773831456 openexr: Fix of CVE-2026-27622

CVE-2026-27622: fix integer overflow in CompositeDeepScanLine leading to heap buffer overflow...

RLSA-2023:7754 Moderate: pixman security update

Pixman is a pixel manipulation library for the X Window System and Cairo. Security Fixes: pixman: Integer overflow in pixmansamplefloory leading to heap out-of-bounds write CVE-2022-44638 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

pixman security update

An update is available for pixman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Pixman is a pixel manipulation library for the X Window System and Cairo...

SUSE CVE-2026-32775

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow...

HTSlib 安全漏洞

HTSlib is a C-language library file developed by samtools. Versions of HTSlib prior to 1.23.1, 1.22.2, and 1.21.1 have security vulnerabilities. These vulnerabilities stem from the bgzfindexloadhfile function, which involves integer overflows, potentially leading to heap buffer overflows...

Debian dsa-6168 : freetype2-demos - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6168 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6168-1 [email protected] https://www.debian.org/security/ Moritz...

HTSlib 安全漏洞

HTSlib is a C-language library developed by samtools. Versions of HTSlib prior to 1.23.1, 1.22.2, and 1.21.1 have security vulnerabilities. These vulnerabilities stem from incomplete validation of VARINT and CONST encoding contexts, which could lead to heap buffer overflows or stack overflows...

Defending the Power Grid by Segmenting the EV Charging Cyber Infrastructure

This paper examines defending the power grid against load-altering attacks using electric vehicle charging. It proposes to preventively segment the cyber infrastructure that charging station operators CSOs use to communicate with and control their charging stations, thereby limiting the impact of...

RockyLinux 9 : pixman (RLSA-2023:7754)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:7754 advisory. pixman: Integer overflow in pixmansamplefloory leading to heap out-of-bounds write CVE-2022-44638 Tenable has extracted the preceding description block directly...

Linux Distros Unpatched Vulnerability : CVE-2025-34297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kissfftalloc in kissfft.c on platforms where sizet is 32-bit. The nfft paramete...

chromium -- security fixes

Chrome Releases reports: This update includes 26 security fixes: 475877320 Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 485935305 Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...

Security Bulletin: AIX/VIOS Perl is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)

Summary Vulnerabilities in Perl could cause a null pointer dereference CVE-2026-24515 or an integer overflow CVE-2026-25210. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2026-24515 DESCRIPTION: In libexpat before 2.7.4, XMLExternalEntityParserCreate does n...

Security Bulletin: AIX/VIOS Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)

Summary Vulnerabilities in Python could cause a null pointer dereference CVE-2026-24515 or an integer overflow CVE-2026-25210. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-24515 DESCRIPTION: In libexpat before 2.7.4,...

EUVD-2026-12641

Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow a privileged user to trigger an integer overflow within the DLL Injector, leading to a Blue-Screen-of-Death BSOD. Successful...

[SECURITY] [DSA 6167-1] gst-plugins-base1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6167-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 17, 2026 https://www.debian.org/security/faq -...