CVE-2026-34549

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB condition in IccUtil.cpp triggered by a crafted input profile. Under UndefinedBehaviorSanitizer, the issue is reported as invalid left shift...

CVE-2026-34549 iccDEV: UB at IccUtil.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB condition in IccUtil.cpp triggered by a crafted input profile. Under UndefinedBehaviorSanitizer, the issue is reported as invalid left shift...

Linux Distros Unpatched Vulnerability : CVE-2020-36277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Leptonica before 1.80.0 allows a denial of service application crash via an incorrect left shift in pixConvert2To8 in pixconv.c. CVE-2020-36277 Note that Nessus...

UBUNTU-CVE-2024-56720

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Several fixes to bpfmsgpopdata Several fixes to bpfmsgpopdata, 1. In skmsgshiftleft, we should putpage 2. if len == 0, return early is better 3. pop the entire skmsg last == msg-sg.size should be supported 4. Fix fo...

SUSE CVE-2017-7592

The putagreytile function in tifgetimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...

SUSE CVE-2020-36277

Leptonica before 1.80.0 allows a denial of service application crash via an incorrect left shift in pixConvert2To8 in pixconv.c...

ALPINE-CVE-2021-45960

In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...

DEBIAN-CVE-2021-45960

In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...

UBUNTU-CVE-2021-45960

In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...

PT-2021-6138 · Expat +12 · Expat +12

Name of the Vulnerable Software and Affected Versions: Expat aka libexpat versions prior to 2.4.3 Description: The issue is related to a left shift by 29 or more places in the storeAtts function in xmlparse.c, which can lead to realloc misbehavior, such as allocating too few bytes or only freeing...

OESA-2021-1327 leptonica security update

The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...

UBUNTU-CVE-2017-9188

libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63...

PT-2017-18770 · Martin Weber +1 · Autotrace +1

Name of the Vulnerable Software and Affected Versions: AutoTrace version 0.31.1 Description: The issue is related to a "left shift" problem that cannot be represented in type int, located in input-bmp.c at line 516, column 63. This is a problem in the libautotrace.a library of AutoTrace...

DEBIAN-CVE-2017-7592

The putagreytile function in tifgetimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...

PT-2017-17835 · Fraunhofer Iis · He-Aac+ Codec

Name of the Vulnerable Software and Affected Versions: HE-AAC+ Codec aka libaacplus version 2.0.2 Description: The issue is related to a left-shift undefined behavior in the au channel.h file, which could allow remote attackers to cause a denial of service, potentially leading to an application...

UBUNTU-CVE-2017-5498

libjasper/include/jasper/jasmath.h in JasPer 1.900.17 allows remote attackers to cause a denial of service crash via vectors involving left shift of a negative value...

UBUNTU-CVE-2015-1593

The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related ...