Lucene search
+L

121 matches found

EUVD
EUVD
added 2026/07/06 7:51 p.m.7 views

EUVD-2026-24978

comm: lossy UTF-8 conversion silently corrupts non-UTF-8 output...

3.3CVSS5.9AI score0.00176EPSS
Exploits1References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in openexr

OpenEXR provides the specification and reference implementation of the EXR file format, a image storage format for the motion picture industry. From version 3.2.0 up to versions 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder used signed 32-bit arithmetic to construct temporary per-component block...

8.8CVSS5.7AI score0.00419EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/22 6:31 p.m.6 views

EUVD-2026-25026

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

3.3CVSS5.7AI score0.00143EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

Duplicate Advisory: coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6gcw-w7cp-94g9. This link is maintained to preserve external references. Original Description The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines...

3.3CVSS5.9AI score0.00176EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/04/22 6:31 p.m.8 views

GHSA-HWHF-8P2F-45WR Duplicate Advisory: coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6gcw-w7cp-94g9. This link is maintained to preserve external references. Original Description The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines...

3.3CVSS5.9AI score0.00176EPSS
Exploits1References6
NVD
NVD
added 2026/04/22 5:16 p.m.8 views

CVE-2026-35346

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

3.3CVSS0.00176EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/22 4:9 p.m.2 views

CVE-2026-35375 uutils coreutils split Local Data Integrity Issue via Lossy Filename Encoding

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

3.3CVSS5.7AI score0.00143EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/22 4:9 p.m.30 views

CVE-2026-35375 uutils coreutils split Local Data Integrity Issue via Lossy Filename Encoding

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

3.3CVSS0.00143EPSS
Exploits1References2
CVE
CVE
added 2026/04/22 4:9 p.m.18 views

CVE-2026-35375

CVE-2026-35375 concerns the uutils coreutils split utility, where a logic error causes output filenames to be corrupted when given non-UTF-8 prefixes/suffixes. The code uses to_string_lossy() to build chunk filenames, which rewrites invalid bytes as the UTF-8 replacement character (U+FFFD). Unlik...

3.3CVSS5.7AI score0.00143EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/22 4:9 p.m.3 views

CVE-2026-35375 uutils coreutils split Local Data Integrity Issue via Lossy Filename Encoding

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

3.3CVSS6AI score0.00143EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/22 4:7 p.m.31 views

CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

3.3CVSS0.00176EPSS
Exploits1References3
CVE
CVE
added 2026/04/22 4:7 p.m.14 views

CVE-2026-35346

The CVE-2026-35346 entry concerns the uutils coreutils comm implementation; it is affected by a flaw where the program uses String::from_utf8_lossy() and, as a result, applies lossy UTF-8 conversion to all output lines. This causes data corruption when comparing binary files or files with non-UTF...

3.3CVSS5.8AI score0.00176EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:7 p.m.5 views

CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

3.3CVSS5.8AI score0.00176EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:7 p.m.3 views

CVE-2026-35346

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

3.3CVSS5.8AI score0.00176EPSS
Exploits1References4
OSV
OSV
added 2026/04/22 4:7 p.m.3 views

CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

3.3CVSS6AI score0.00176EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34511

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to string lossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

3.3CVSS5.7AI score0.00143EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34482

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description The comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation utilizes the String::from utf8 lossy function, which replaces...

3.3CVSS6AI score0.00176EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-35346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses...

3.3CVSS5.8AI score0.00176EPSS
Exploits1References3
OSV
OSV
added 2026/04/17 3:19 p.m.7 views

JLSEC-2026-143

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...

7.1CVSS5.9AI score0.00283EPSS
Exploits1References7
OSV
OSV
added 2026/04/17 3:19 p.m.4 views

JLSEC-2026-149

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.4CVSS5.8AI score0.00419EPSS
Exploits1References7
Rows per page
Query Builder