857 matches found
DEBIAN-CVE-2025-2581
A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to version 0.25.1 is able to addre...
UBUNTU-CVE-2025-2581
A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to version 0.25.1 is able to addre...
The vulnerability of the grub_malloc() function in the squash4 module of the Grub2 operating system allows a hacker to execute arbitrary code.
The vulnerability of the grub_malloc function in the squash4 module of the Grub2 operating system involves executing an operation beyond the boundaries of the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2024-57262
In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256...
PT-2025-20492
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A NULL dereference issue has been resolved in the Linux kernel. The problem occurs when malloc returns NULL due to low memory, causing the config pointer to be NULL. A check has been add...
CVE-2024-57255
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite...
UBUNTU-CVE-2024-57256
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite...
SUSE CVE-2024-57256
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite...
PT-2025-6748 · Barebox · Barebox
Name of the Vulnerable Software and Affected Versions: barebox versions prior to 2025.01.0 Description: The issue is related to an integer overflow in the ext4fs_read_symlink function when handling a crafted ext4 filesystem with an inode size of 0xffffffff. This results in a malloc of zero and a...
SUSE CVE-2025-1150
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high...
AZL-56719 CVE-2025-1150 affecting package gdb 11.2-10
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high...
AZL-56773 CVE-2025-1150 affecting package binutils 2.37-20
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high...
CVE-2024-57623
An issue in the HEAP_malloc component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
PT-2025-3490 · Monetdb · Monetdb Server
Name of the Vulnerable Software and Affected Versions: MonetDB Server version 11.49.1 Description: The issue in the HEAP_malloc component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Recommendations: For MonetDB Server version 11.49.1, consider disabling the HEAP...
MonetDB Security Vulnerability
MonetDB is an open source column-oriented relational database management system from MonetDB Open Source. A security vulnerability exists in MonetDB version v11.49.1, which stems from an issue contained in the HEAP_malloc component. An attacker exploiting this vulnerability could cause a denial of...
PT-2026-21539
Name of the Vulnerable Software and Affected Versions: Libsixel versions prior to 1.8.7 Description: A memory leak exists in Libsixel versions prior to 1.8.7, specifically within the malloc_stub.c component. This leak could potentially lead to resource exhaustion. Recommendations: Update to a versio...
SQLite report about CVE-2025-29087
Duplicate of CVE-2025-3277...
CVE-2012-2677
...
SUSE CVE-2024-53984
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length, and the pb_decode_ex function is used with flag...
DEBIAN-CVE-2024-53984
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length, and the pb_decode_ex function is used with flag...