GHSA-HX6P-XPX3-JVVV Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding

Summary Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when performing a bounds check. Specifically the number of code units were checked instead of the byte...

Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding

Summary Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when performing a bounds check. Specifically the number of code units were checked instead of the byte...

CVE-2026-34942 Wasmtime panics when transcoding misaligned utf-16 strings

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be...

CVE-2026-34941

Wasmtime (WebAssembly runtime) contains a heap OOB read during transcoding of UTF-16 to the latin1+utf16 component-model encoding. The bug stems from validating the input length by code units instead of by byte length, causing reads beyond the WebAssembly linear memory during bounds checking. In ...

RUSTSEC-2026-0093 Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hx6p-xpx3-jvvv For more information see the GitHub-hosted security advisory...

PT-2026-31681

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be...

Linux Distros Unpatched Vulnerability : CVE-2022-27457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c. CVE-2022-27457 Note that...

CVE-2012-10043

A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy duri...

CVE-2012-10043 ActFax 4.32 Client Importer Buffer Overflow

A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy duri...

BIT-MARIADB-MIN-2022-27457

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...

OSV-2024-1043 Heap-buffer-overflow in simdutf::haswell::implementation::convert_utf8_to_latin1

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71307 Crash type: Heap-buffer-overflow WRITE Crash state: simdutf::haswell::implementation::convertutf8tolatin1 Conversion Conversion...

PT-2024-40567 · Git +1 · Simdutf

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow write error. Technical details include the crash type and state, specifically mentioning...

mariadb: incorrect key in "dup value" error after long unique

A flaw was found in the MariaDB Server. It contains a use-after-free in the component, mymbwclatin1 at /strings/ctype-latin1.c, affecting availability...

SUSE CVE-2023-38854

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcodelatin1toutf8 function in xlstool.c:296...

DEBIAN-CVE-2023-38854

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcodelatin1toutf8 function in xlstool.c:296...

CVE-2023-38854

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcodelatin1toutf8 function in xlstool.c:296...

PT-2023-26635 · Libxls +1 · Libxls +1

Name of the Vulnerable Software and Affected Versions: libxlsv version 1.6.2 Description: A Buffer Overflow issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode latin1 to utf8 function in xlstool.c. Recommendations: For...

SUSE CVE-2017-10683

In mpg123 1.25.0, there is a heap-based buffer over-read in the convertlatin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack...

SUSE CVE-2022-27457

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...

Ubuntu: Security Advisory (USN-5613-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...