CVE-2026-33812

CVE-2026-33812 affects golang.org/x/image, where parsing a malicious SFNT font can trigger excessive memory allocation. The connected CVE listing confirms the issue is caused by decoding a malicious font file (SFNT) and identifies golang.org/x/image as the affected component. The provided documen...

EUVD-2026-24245

Parsing a malicious font file can cause excessive memory allocation...

CVE-2026-33812 Excessive memory allocation when decoding malicious SFNT in golang.org/x/image

Parsing a malicious font file can cause excessive memory allocation...

CVE-2026-33812 Excessive memory allocation when decoding malicious SFNT in golang.org/x/image

Parsing a malicious font file can cause excessive memory allocation...

GO-2026-4962 Excessive memory allocation when decoding malicious SFNT in golang.org/x/image

Parsing a malicious font file can cause excessive memory allocation...

Memory Allocation with Excessive Size Value

Overview golang.org/x/image/webp is a Package webp implements a decoder for WEBP images. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value. An attacker can cause a crash by supplying a WEBP image with an invalid, very large declared size, triggering a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010793)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010793 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: Fix DMA mappings leak During reallocation of RX buffers, new DMA mappings are created for...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010923)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010923 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter kasprintf would return NULL pointer when kmallo...

PT-2026-34049

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Parsing a malicious font file can cause excessive memory allocation. Recommendations At the moment, there is no information about a newer version that contains a...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007056)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007056 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INTMAX When sysctlnropen is set to a ver...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010854)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010854 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010934)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010934 advisory. In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmdioctlmmapresource As 'kdata.num' is user-controlled...

SUSE-SU-2026:1497-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24484: denial of service via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. - CVE-2026-28494: missing bounds checks in the...

OPENSUSE-SU-2026:20567-1 Security update for qemu

This update for qemu fixes the following issues: Update to version 10.0.9. Security issues fixed: - CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCMINFO requests sent from the guest bsc1259079. - CVE-2026-3195: heap out-of-bounds write when reading input audio in the...

ROS-20260420-73-0040

Vulnerability in beats related to uncontrolled memory allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260420-73-0016

A vulnerability in the maxcertlist parameter of certificate compression in TLS 1.3 of the OpenSSL library is related to uncontrolled memory allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...

CVE-2026-40303 zrok allows unauthenticated DoS via unbounded memory allocation in striped session cookie parsing

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request t...

CVE-2026-40303 zrok allows unauthenticated DoS via unbounded memory allocation in striped session cookie parsing

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request t...

OESA-2026-1992 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation...