GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

CVE-2026-33642 Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...

krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read

A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of...

CVE-2026-43492

A flaw was found in the Linux kernel. A local user could trigger an integer underflow in the mpireadrawfromsgl function within the lib/crypto: mpi component. This occurs when invoking a KEYCTLPKEYENCRYPT system call with a larger output length than input length and providing a zero-filled input...

OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

CLSA-2026-1779203444 gnutls: Fix of CVE-2026-33845

CVE-2026-33845: fix integer underflow and remote heap overrun in DTLS handshake reassembly by tracking startoffset and fraglength instead of an inclusive startoffset, endoffset range...

CVE-2026-8949

Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8954

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8956

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

UBUNTU-CVE-2026-8954

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8956

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

UBUNTU-CVE-2026-8949

Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

UBUNTU-CVE-2026-8956

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8954

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

corosync: Corosync: Denial of Service via integer overflow in join message validation

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol UDP packets. This can cause the service to crash, leading to a denial of service. This vulnerability...

kernel: Linux kernel: Denial of service and memory corruption in RDMA umad

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...

GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

EUVD-2026-30904

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...