36 matches found
GHSA-MX64-MJ3Q-7PRJ iskorotkov/avro: Denial-of-Service Vulnerability in Decoder
Memory Exhaustion via Unbounded Map Allocations in Avro Decoder Summary The Avro map decoder accepted attacker-controlled block-element counts from the wire format and grew the destination map without enforcing an upper bound. The slice decoder already had Config.MaxSliceAllocSize for the...
PT-2026-41799
Name of the Vulnerable Software and Affected Versions iskorotkov/avro versions prior to 2.33.0 github.com/hamba/avro/v2 versions prior to 2.32.0 Description Several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before...
CLSA-2026-1778787692 Fix CVE(s): CVE-2026-7258, CVE-2026-7262, CVE-2026-7568
SECURITY UPDATE: NULL pointer dereference in SOAP apache:Map decoder - debian/patches/CVE-2026-7262.patch: fix wrong variable checked in tozvalmap NULL check, changing if !xmlKey to if !xmlValue - CVE-2026-7262 SECURITY UPDATE: Signed integer overflow in metaphone char array offset -...
BIT-PHP-MIN-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...
BIT-PHP-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...
BIT-LIBPHP-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...
CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...
CVE-2026-7262
CVE-2026-7262 affects PHP 8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21, and 8.5.x before 8.5.6. When a SOAP server uses a typemap, the decoding process checks the wrong variable for missing value elements, which can dereference a NULL pointer and crash the PHP SOAP server, causin...
CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...
CVE-2026-25987
A flaw was found in ImageMagick. A remote attacker could exploit a heap buffer over-read vulnerability in the MAP image decoder by providing a specially crafted MAP file. This could lead to the application crashing, resulting in a denial of service, or unintended memory disclosure during image...
CVE-2026-25987
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory...
UBUNTU-CVE-2026-25987
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory...
CVE-2026-25987
CVE-2026-25987 affects ImageMagick’s MAP image decoder. A crafted MAP file can trigger a heap over-read, potentially causing a crash and memory disclosure. The risk is explicit in multiple advisories referencing CVE-2026-25987 (e.g., ALAS2-2026-3211/ALAS2023-2026-1478 and openSUSE/SUSE advisories...
CVE-2026-25987
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory...
CVE-2026-25987 ImageMagick has heap buffer over-read in MAP image decoder
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory...
Linux Distros Unpatched Vulnerability : CVE-2026-25987
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read...