12163 matches found
CVE-2026-14683
A flaw was found in HdrHistogram. A local attacker can exploit a vulnerability in the decodeFromCompressedByteBuffer function by manipulating the lengthOfCompressedContents argument. This manipulation leads to uncontrolled memory allocation, which can result in a Denial of Service DoS condition,...
Linux Distros Unpatched Vulnerability : CVE-2026-61465
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can...
CVE-2026-61465
A flaw was found in ImageMagick. This vulnerability occurs because ImageMagick is missing a check for the allowed memory allocation limit during certain image processing operations, such as when using the -canny function. A remote attacker could provide a specially crafted image, causing the...
CVE-2026-61861
ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution...
CVE-2026-61465
ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...
EUVD-2026-43188
ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution...
CVE-2026-61870 ImageMagick before 7.1.2-26 Memory Leak via VIFF Encoder
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service...
CVE-2026-61870
ImageMagick before 7.1.2-26 contains a memory leak in the VIFF encoder when memory allocation fails. An attacker can trigger allocation failures by processing specially crafted VIFF images to exhaust memory and cause a DoS. Remediation: upgrade to ImageMagick 7.1.2-26 or later; apply vendor patch...
CVE-2026-61465
ImageMagick before 7.1.2-26 and 6.9.13-51 lacks a check for the allowed memory allocation limit in matrix-backed operations (e.g., -canny). A crafted image can cause ImageMagick to allocate more memory than policy permits, resulting in a denial of service. Affected components: ImageMagick's memor...
CVE-2026-55213
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...
EUVD-2026-42960
adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...
CVE-2026-55782
NanaZip (a 7-Zip derivative) is affected by an unbounded memory allocation vulnerability in its WebAssembly archive handler (NanaZip.Codecs.Archive.WebAssembly.cpp). The issue arises when buffers are allocated from attacker-controlled 32-bit section and custom-name length fields without cross-che...
CVE-2026-54063
Excelize CVE-2026-54063: The library vulnerable due to checkSheet() using attacker-controlled row attribute to allocate memory for xlsxRow slices without enforcing the Excel row limit. This can cause (A) out-of-memory leading to process kill and (B) runtime panic from out-of-bounds indexing when ...
CVE-2026-56373
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...
CVE-2026-56373 ImageMagick - Use-After-Free Write in PDB Decoder
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...
CVE-2026-40006
Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no...
CVE-2026-39244
The CVE-2026-39244 entry concerns adm-zip before 0.5.18 and describes a denial-of-service vulnerability triggered by a crafted ZIP file with a manipulated uncompressed size header. The root cause is that zipEntry.js allocates memory using Buffer.alloc(_centralHeader.size) based on the uncompresse...
PT-2026-57215
Name of the Vulnerable Software and Affected Versions adm-zip versions prior to 0.5.18 Description A denial-of-service issue exists when parsing crafted ZIP files with a manipulated uncompressed size header field. The library allocates memory based on the declared uncompressed size from the ZIP...
CVE-2026-39244
adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...
CVE-2026-56362
A heap-buffer-overflow read in ImageMagick's OpenPixelCache occurs when image channel metadata updates before memory allocation. Attackers can trigger this via memory and disk allocation failures to disclose sensitive information. Mitigation Isolate ImageMagick tasks by running them inside...