48 matches found
JLSEC-2026-709
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions sp256mul9, sp256sqr9, etc., leading to a timing...
DEBIAN-CVE-2026-59089
A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table CLUT due to an integer overflow. This occurs when multiplying numcolors and numcluts, both 16-bit unsigned short integers, resulting i...
GHSA-66M8-C62J-H6V5 jxl-oxide: `FrameBuffer::new` creates out-of-bounds slices on overflow
Summary jxl-oxide exposes a public safe API that can construct an undersized FrameBuffer due to unchecked usize multiplication, which immediately trigger panic while initializing the buffer in normal decoding path. Additionally, calling the safe grouped buffer accessors afterward can create inval...
Scriban: array * int (ScriptArray<T>.TryEvaluate) bypasses LoopLimit — incomplete fix for GHSA-c875-h985-hvrc, missed sibling of GHSA-24c8-4792-22hx
Summary The array multiplication operator array integer in Scriban allocates a result whose size is the product of the attacker-controlled integer and the array length, with no LoopLimit / LimitToString check and no overflow-safe arithmetic. A 40-byte template forces a multi-gigabyte allocation,...
Astra Linux – Vulnerability in LCMS2
In Little CMS lcms2 version 2.18, there is an integer overflow in the CubeSize function in cmslut.c, as the overflow check is performed after the multiplication operation...
poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevention of integer overflow issues In the expression “cmd.wqesize cmd.wrcount”, both variables are u32 values provided by the user. This multiplication can lead to integer wrapping. We then pass the result to...
GHSA-C55G-RP4X-FX84 Microsoft DirectX: .spritefont multiply overflow only in 32-bit builds
Impact The spritefont reader can be induced to perform a 32-bit overflow multiply that could in theory result in a RCE. This impacts the use of the DirectX Tool Kit SpriteFont class file loading ctor if given untrusted data files. Note this only applies to x86/ARM builds of the library. ARM64 and...
CVE-2026-40244
OpenEXR exposed an integer overflow in the DWA setupChannelData path. In versions 3.4.0–3.4.9, 3.3.0–3.3.9, and 3.2.0–3.2.7, internal_dwa_compressor.h:1722 performs curc->width * curc->height using int32 arithmetic without a size_t cast, creating an overflow condition. A fix has been applie...
📄 V8 Sandbox Bypass: BigInt Division Memory Corruption
This is a variant of crbug.com/474041332. The issue there was that MultiplyFFT, an optimized version of integer multiplication for very large inputs, is not robust against concurrent modification of its input buffers, but was called from ProcessorImpl::FromStringLarge with a temporary buffer insi...
CVE-2026-3579
Summary: CVE-2026-3579 affects wolfSSL 5.8.4 on RISC-V RV32I. The issue is a lack of a constant-time software implementation for 64-bit multiplication; the compiler-inserted __muldi3 subroutine runs in variable time depending on operand values, creating a timing side-channel for several SP math f...
CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions sp256mul9, sp256sqr9, etc., leading to a timing...
PT-2026-26332
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions sp 256 mul 9, sp 256 sqr 9, etc., leading to a...
CVE-2022-50580 blk-throttle: prevent overflow while calculating wait time
In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevent overflow while calculating wait time There is a problem found by code review in tgwithinbpslimit that 'bpslimit jiffyelapsedrnd' might overflow. Fix the problem by calling mulu64u64divu64 instead...
CVE-2025-39967
In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcondosetfont Fix integer overflow vulnerabilities in fbcondosetfont where font size calculations could overflow when handling user-controlled font parameters. The vulnerabilities occur when: 1...
EUVD-2019-5990
Malware in sbrugna...
PT-2025-39416
Name of the Vulnerable Software and Affected Versions pytorch version 2.7.0 Description A buffer overflow can occur when a PyTorch model includes torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv and is compiled using Inductor. This can lead to a Denial of Service Do...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unchecked multiply overflow that could result in a buffer overflow...
MAL-2024-9241 Malicious code in multiply-proxy-actions-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3f66afd5c02eab401c82eb66ea7de027666d3b52b50915f0859b21e1b374456 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
DEBIAN-CVE-2023-52750
In the Linux kernel, the following vulnerability has been resolved: arm64: Restrict CPUBIGENDIAN to GNU as or LLVM IAS 15.x or newer Prior to LLVM 15.0.0, LLVM's integrated assembler would incorrectly byte-swap NOP when compiling for big-endian, and the resulting series of bytes happened to match...