ROS-20260520-73-0043

A vulnerability in the Codecs component of the Google Chrome browser is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-43618

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflo...

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...

Moderate: Red Hat Security Advisory: glib2 security update

An update for glib2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read

A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of...

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

CVE-2023-7345

Affected software: Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7. Root cause: Integer parsing vulnerability in EIP-712 message handling due to incorrect hexadecimal field parsing when values have an odd number of characters. Impact: Attackers could obtain signatures ...

CVE-2023-7345 Ledger Live hw-app-eth EIP-712 Message Parsing Integer Truncation

Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...

OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...

LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file

A flaw was found in LibRaw. A remote attacker could exploit an integer overflow vulnerability by providing a specially crafted malicious file. This flaw, located in the uncompressedfpdngloadraw functionality, leads to a heap buffer overflow. Successful exploitation may result in arbitrary code...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the Chunk process when handling files with a samplesperchunk value of zero. An attacker can cause a segmentation fault and denial of service by providing a specially crafted HEIF file that triggers an unsigned...

GIMP: GIMP: Arbitrary code execution via specially crafted PSD file

A flaw was found in GIMP. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted PSD Photoshop Document file. This flaw is due to an integer overflow during the parsing of PSD files, which can lead to arbitrary code execution, allowing the attacker to run...

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM X PixMap image file. This can lead to an an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

gimp: GIMP: Remote Code Execution via ANI File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a specially crafted ANI Animated Cursor file or visiting a malicious web page. This issue stems from an integer overflow during the parsing of ANI files, caused by insufficient validation of...

CVE-2026-33642

A flaw was found in Kitty, a cross-platform GPU-based terminal. A remote attacker, by sending specially crafted escape sequences to a Kitty terminal, can exploit an integer wrapping vulnerability in the handlecomposecommand function. This vulnerability allows for out-of-bounds memory access, whic...

CLSA-2026-1779216196 libssh2: Fix of CVE-2026-7598

CVE-2026-7598: fix integer overflow in userauthpassword CVE-2026-7598...

Moderate: Red Hat Security Advisory: corosync security update

An update for corosync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

CVE-2026-33642 Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...