263 matches found
CVE-2026-40493
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...
CVE-2026-31415
A flaw was found in the Linux kernel. A local attacker can exploit an integer overflow vulnerability in the ip6datagramsendctl function when processing multiple IPv6 Destination Options DSTOPTS control messages. This issue causes an incorrect calculation of header sizes, leading to a buffer...
389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...
Linux Distros Unpatched Vulnerability : CVE-2026-23377
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ice: change XDP RxQ fragsize from DMA write length to xdp.framesz The only user of fragsize field in XDP RxQ info is bpfxdpfragsincreasetail. It clearly expects...
CVE-2025-33216
NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...
PT-2026-27501
NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...
Unity Linux 20.1060a / 20.1070a Security Update: glib2 (UTSA-2026-005914)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005914 advisory. A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape...
kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation
A flaw was found in the Linux kernel's Squashfs filesystem. A local attacker can exploit this vulnerability by simultaneously mounting a Squashfs filesystem and issuing a specific input/output control ioctl command. This can lead to an incorrect block size calculation, causing a shift-out-of-boun...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Incorrect Calculation of Buffer Size due to IBM Java (CVE-2026-1188)
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Incorrect Calculation of Buffer Size due to IBM Java. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual...
CVE-2025-14905
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...
CVE-2025-14905
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...
CVE-2025-14905
The Red Hat advisories confirm CVE-2025-14905 affects the 389-ds-base server, with a heap buffer overflow in the schema_attr_enum_callback in schema.c. The flaw arises from calculating buffer size by summing alias string lengths without accounting for additional formatting characters, enabling a ...
CVE-2025-14905
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...
CVE-2025-33124
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size...
CVE-2025-33124 Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size...
CVE-2025-33124 Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size...
CVE-2025-33124
CVE-2025-33124 affects IBM Db2 Merge Backup for Linux, UNIX and Windows v12.1.0.0. An authenticated user can crash the program due to an incorrect calculation of a buffer size in the affected component. The vulnerability is described in IBM’s bulletin and Red Hat/NVD entries, with an exploit path...
kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation
A flaw was found in the Linux kernel's Squashfs filesystem. A local attacker can exploit this vulnerability by simultaneously mounting a Squashfs filesystem and issuing a specific input/output control ioctl command. This can lead to an incorrect block size calculation, causing a shift-out-of-boun...
CVE-2026-25541
CVE-2026-25541 affects the Bytes Rust crate for versions 1.2.1 through 1.11.0. The issue is an integer overflow in BytesMut::reserve during the unique reclaim path, where an unchecked addition can make v_capacity >= new_cap + offset pass in release builds, causing self.cap to exceed allocated ...
Integer overflow in `BytesMut::reserve`
In the unique reclaim path of BytesMut::reserve, the condition rs if vcapacity = newcap + offset uses an unchecked addition. When newcap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated capacit...