313 matches found

NVD
added yesterday, 4 views

CVE-2026-26825

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to...

Exploits: 0, References: 1
Positive Technologies
added yesterday, 4 views

PT-2026-46058

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead t...

5.8 AI score
Exploits: 0, References: 2
EUVD
added yesterday, 3 views

EUVD-2026-34179

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to...

5.8 AI score
Exploits: 0, References: 1
Tenable Nessus
added 6 days ago, 7 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libcaca vulnerability (USN-8318-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8318-1 advisory. It was discovered that libcaca incorrectly handled certain malformed files. An attacker could use this issue to cause libcaca to...

7.8 CVSS, 6.1 AI score, 0.00086 EPSS
Exploits: 0, References: 2
OSV
added 2026/05/27 12:23 p.m., 1 view

USN-8318-1 libcaca vulnerability

It was discovered that libcaca incorrectly handled certain malformed files. An attacker could use this issue to cause libcaca to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.8 CVSS, 6 AI score, 0.00086 EPSS
Exploits: 0, References: 2
Ubuntu
added 2026/05/27 12:23 p.m., 8 views

USN-8318-1: libcaca vulnerability

It was discovered that libcaca incorrectly handled certain malformed files. An attacker could use this issue to cause libcaca to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.8 CVSS, 6 AI score, 0.00086 EPSS
Exploits: 0
OSV
added 2026/05/19 9:47 a.m., 2 views

OPENSUSE-SU-2026:20781-1 Security update for assimp

This update for assimp fixes the following issues: - CVE-2025-2151: vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h (bsc#1239220). - CVE-2025-2591: division by zero in code/AssetLib/MDL/MDLLoader.cpp (bsc#1239920). - CVE-2025-2592: heap-based buffer overflow in Assim...

8.8 CVSS, 6.4 AI score, 0.00206 EPSS
Exploits: 5, References: 10
OSV
added 2026/05/19 9:46 a.m., 1 view

SUSE-SU-2026:21821-1 Security update for assimp

This update for assimp fixes the following issues: - CVE-2025-2151: vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h (bsc#1239220). - CVE-2025-2591: division by zero in code/AssetLib/MDL/MDLLoader.cpp (bsc#1239920). - CVE-2025-2592: heap-based buffer overflow in Assim...

8.8 CVSS, 6.4 AI score, 0.00206 EPSS
Exploits: 5, References: 11
Debian
added 2026/05/15 9:20 p.m., 7 views

[SECURITY] [DSA 6276-1] ffmpeg security update

Debian Security Advisory DSA-6276-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2026 https://www.debian.org/security/faq -...

6 AI score
Exploits: 0
OSV
added 2026/04/27 6:33 p.m., 0 views

JLSEC-2026-269 Issue summary: An invalid or NULL pointer dereference can happen in an application processing a...

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...

5.5 CVSS, 6.5 AI score, 0.00048 EPSS
Exploits: 1, References: 8
Tenable Nessus
added 2026/04/24 12:0 a.m., 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: fontforge (UTSA-2026-014311)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014311 advisory. FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co...

8.8 CVSS, 7.7 AI score, 0.00113 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2026/04/23 12:0 a.m., 4 views

Debian dla-4547 : gimp - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4547 advisory. Debian LTS Advisory DLA-4547-1 [email protected]...

7.8 CVSS, 7.5 AI score, 0.00068 EPSS
Exploits: 0, References: 8
NVD
added 2026/03/26 10:16 p.m., 1 view

CVE-2026-3650

A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...

8.7 CVSS, 0.00073 EPSS
Exploits: 0, References: 3
UbuntuCve
added 2026/03/26 10:16 p.m., 3 views

CVE-2026-3650

A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...

8.7 CVSS, 5.8 AI score, 0.00073 EPSS
Exploits: 0, References: 5
CVE
added 2026/03/26 9:10 p.m., 22 views

CVE-2026-3650

Grassroots DICOM library (GDCM) memory leak when parsing malformed DICOM files with non-standard VR types in file meta information. Root cause: improper memory handling leads to vast allocations and resource depletion, enabling a DoS via heap exhaustion from a single read. Impact: high availabili...

8.7 CVSS, 5.8 AI score, 0.00073 EPSS
Exploits: 0, References: 3
Debian CVE
added 2026/03/26 9:10 p.m., 1 view

CVE-2026-3650

A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...

8.7 CVSS, 5.3 AI score, 0.00073 EPSS
Exploits: 0
Microsoft CVE
added 2026/03/25 8:2 a.m., 3 views

Libarchive: libarchive: denial of service via malformed iso file processing

...

6.5 CVSS, 5.7 AI score, 0.00185 EPSS
Exploits: 0
Positive Technologies
added 2026/03/24 12:0 a.m., 3 views

PT-2026-27379

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function ...

6.9 CVSS, 6 AI score, 0.00006 EPSS
Exploits: 0, References: 5
ATTACKERKB
added 2026/02/27 9:58 p.m., 6 views

CVE-2026-28418

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundar...

5.5 CVSS, 6 AI score, 0.00005 EPSS
Exploits: 0, References: 4, Affected Software: 1
Debian CVE
added 2026/02/24 2:26 a.m., 5 views

CVE-2026-26981

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in...

6.5 CVSS, 5.2 AI score, 0.00025 EPSS
Exploits: 1