Lucene search
K

66 matches found

OSV
OSV
added 5 days ago1 views

CVE-2026-55781 NanaZip: Unbounded memory allocation (DoS) in NanaZip UFS parser via unvalidated fs_bsize/fs_fsize superblock fields

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block size only against the MINBSIZE lower bound and does not validate the fsfsize fragment size, allowin...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References5
OSV
OSV
added last week2 views

DEBIAN-CVE-2026-14454

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

9.8CVSS6.1AI score0.00394EPSS
Exploits0References1
NVD
NVD
added last week9 views

CVE-2026-14454

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

9.8CVSS0.00394EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:50 p.m.6 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:1 p.m.12 views

Scriban: array * int (ScriptArray<T>.TryEvaluate) bypasses LoopLimit — incomplete fix for GHSA-c875-h985-hvrc, missed sibling of GHSA-24c8-4792-22hx

Summary The array multiplication operator array integer in Scriban allocates a result whose size is the product of the attacker-controlled integer and the array length, with no LoopLimit / LimitToString check and no overflow-safe arithmetic. A 40-byte template forces a multi-gigabyte allocation,...

5.8AI score
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/06/22 9:16 p.m.6 views

CVE-2026-48510 MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

6.3CVSS5.9AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 9:16 p.m.4 views

CVE-2026-48510 MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

6.3CVSS6AI score0.00236EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 2:17 p.m.17 views

CVE-2026-45971

In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOCMAXCACHESIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensi...

5.5CVSS0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 12:18 p.m.2 views

CVE-2026-45971 bpf: Limit bpf program signature size

In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOCMAXCACHESIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensi...

5.5CVSS5.9AI score0.00121EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/27 12:18 p.m.45 views

CVE-2026-45971 bpf: Limit bpf program signature size

In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOCMAXCACHESIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensi...

0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 3:16 p.m.8 views

UBUNTU-CVE-2026-44216

Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is...

7.5CVSS6AI score0.00319EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.14 views

SUSE CVE-2026-31706

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate numaces and harden ACE walk in smbinheritdacl smbinheritdacl trusts the on-disk numaces value from the parent directory's DACL xattr and uses it to size a heap allocation: acesbase = kmallocsizeofstruct smbace...

7CVSS5.9AI score0.00369EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/01 1:56 p.m.42 views

CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate numaces and harden ACE walk in smbinheritdacl smbinheritdacl trusts the on-disk numaces value from the parent directory's DACL xattr and uses it to size a heap allocation: acesbase = kmallocsizeofstruct smbace...

8.8CVSS0.00369EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/27 3:6 p.m.9 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS7.5AI score0.01279EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/22 9:38 a.m.36 views

CVE-2026-33258 Crafted zones can cause increased resource usage

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

5.3CVSS0.00583EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.10 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013743)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013743 advisory. In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmdioctlmmapresource As 'kdata.num' is user-controlled...

5.6AI score0.002EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.10 views

PT-2026-31629

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

5.9AI score0.00566EPSS
Exploits0References4
NVD
NVD
added 2026/03/19 6:16 p.m.3 views

CVE-2026-26940

Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation CAPEC-130. The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...

6.5CVSS0.0027EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/06 12:0 a.m.6 views

RHEL 8 : spice-client-win (RHSA-2026:0077)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0077 advisory. Spice client MSI installers for Windows clients Security Fixes: sqlite: Integer Truncation in SQLite CVE-2025-6965 libtiff: LibTIFF...

8.8CVSS6.6AI score0.73495EPSS
Exploits5References10
RedHat Linux
RedHat Linux
added 2026/01/05 6:7 p.m.3 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References6
Rows per page
Query Builder