UBUNTU-CVE-2026-4426

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

CVE-2026-27799

A flaw was found in ImageMagick, a software suite used for editing and manipulating digital images. This vulnerability, a heap buffer over-read, exists within the component that handles DJVU image files. A local attacker could exploit this by processing a specially crafted DJVU image, leading to ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the vhostvsock component to allocate memory using kmalloc when processing large packets, which...

UBUNTU-CVE-2025-6196

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like...

AZL-51868 CVE-2024-50610 affecting package gsl 2.6-3

GSL GNU Scientific Library through 2.8 has an integer signedness error in gslsimansolvemany in siman/siman.c. When params.ntries is negative, incorrect memory allocation occurs...

SUSE CVE-2015-1827

The getusergrouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service crash via a group list request for a user that belongs to a large number of groups...

SUSE CVE-2013-1983

Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function...

AZL-7124 CVE-2021-45960 affecting package expat for versions less than 2.4.3-1

In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...

Apache NuttX 输入验证错误漏洞

Apache NuttX is a real-time embedded operating system from the Apache Foundation USA. Apache NuttX suffers from an input validation error vulnerability that stems from the fact that incorrect memory allocation could lead to arbitrary memory allocation, which could result in unexpected behavior su...

UBUNTU-CVE-2019-20925

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB...

MongoDB Authorization Issues Vulnerability

MongoDB is a document-oriented database management system from the U.S.-based MongoDB, Inc. An authorization issue vulnerability exists in MongoDB that allows an unauthenticated client to trigger a denial of service by issuing a specially crafted wired protocol message, which could cause the...

DEBIAN-CVE-2015-0283

The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service infinite loop and CPU consumption via a request for a 1 group with a large number of members or 2 user that belongs to a large number o...

CVE-2013-5595

The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the orderedmalloc function in boost/pool/pool.hpp. An attacker can perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated...

CVE-2002-0353

Concrete details found: CVE-2002-0353 affects Ethereal 0.9.2 and earlier, stemming from the ASN.1 parser, enabling remote denial of service via a malformed packet that triggers improper memory allocation (possibly due to zero-length fields). Public advisories reference multiple vendors (Debian, R...