CVE-2026-12892 Gstreamer1-plugins-bad: gstreamer1-plugins-bad: 1-byte heap out-of-bounds read in h.264 nal extension slice parser

CVE-2026-12892 affects the GStreamer gst-plugins-bad package, specifically a vulnerability in the H.264 extension slice parser. The issue is a 1-byte heap out-of-bounds read when processing specially crafted H.264 videos with malformed MVC/SVC extension slice NAL units. The parser may check slice...

CVE-2026-56116

dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...

CVE-2026-56116

CVE-2026-56116 affects dhcpcd up to version 10.3.2. The vulnerability is in the IPv6 Router Advertisement route information handling, where a memory leak can be triggered by an unauthenticated, same-link attacker sending crafted Router Advertisements. Specifically, Router Advertisements containin...

CVE-2026-56116 dhcpcd Memory Leak DoS via IPv6 Router Advertisement Handling

dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...

EUVD-2026-38496

dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...

CVE-2026-56371

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

CVE-2026-56371

ImageMagick vulnerability CVE-2026-56371: memory leak in coders/txt.c when processing TXT files with texture attributes. The texture object allocated via ReadImage is not released if GetTypeMetrics fails, causing a memory leak for each crafted TXT file processed. Affected versions are before 7.1....

EUVD-2026-38439

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

CVE-2026-49337

CVE-2026-49337 affects libde265 prior to 1.0.20. A crafted sequence of H.265 NAL units lets decoder_context::read_slice_NAL() attach slice headers to a finished picture object with no active image unit, causing attacker-controlled unbounded heap growth. The headers are retained until the picture ...

kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation

A flaw was found in the Linux kernel's AMD display component. This vulnerability arises from incorrect validation of display mode changes during Display Stream Compression DSC processing. A local attacker could exploit this by initiating specific display configuration changes, which may lead to a...

kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation

A flaw was found in the Linux kernel's AMD display component. This vulnerability arises from incorrect validation of display mode changes during Display Stream Compression DSC processing. A local attacker could exploit this by initiating specific display configuration changes, which may lead to a...

CVE-2026-48141

There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions...

CVE-2026-48141

NI grpc-device contains a memory leak in BeginSidebandStream that may lead to denial of service via memory exhaustion. Affected product: NI grpc-device 2.17.0 and earlier. The provided documents do not specify an available fix or remediation; no exploitation details are provided. Monitor for upda...

CVE-2026-48141 Memory leak in NI grpc-device BeginSidebandStream

There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nullblk: The issue of kmemleak was fixed by releasing references to fault-configfs items. When CONFIGBLKDEVNULLBLKFAULTINJECTION is enabled, the null-blk driver sets up fault injection support by creating configfs items such as...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed the memory leak in mpi3mrhbaport during the mpi3mrremove function...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: The MR restrack must be released when it is deleted. The MR restrack also needs to be released when it is deleted; otherwise, a memory leak may occur, as the task struct will not be released...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: nfc: nfcmrvl: Fixed a potential memory leak in nfcmrvli2cncisend The nfcmrvli2cncisend function will be called by nfcmrvlncisend. In nfcmrvli2cncisend, the skb object should be freed. However, nfcmrvlncisend will only free the...

Astra Linux – Vulnerability in ffmpeg

There is a denial-of-service vulnerability in FFmpeg 4.2 due to a memory leak affected by: a memory leak in the linkfilterinouts function in libavfilter/graphparser.c...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Drivers: Net: qlcnic: A potential memory leak has been fixed in qlcnicsriovinit. If the vpalloc function fails in qlcnicsriovinit, all previously allocated vp resources must be freed...