55 matches found

CVE
added last week · 19 views

CVE-2026-42250

CVE-2026-42250 describes an off‑by‑one error in the bzip2recover utility of bzip2. Processing a specially crafted file can trigger an out‑of‑bounds write to a global buffer, causing memory corruption and a denial of service (local impact). The issue is fixed in bzip2 version 1.0.9. Affected compo...

CVSS 5.1 · AI score 5.8 · EPSS 0.00021
Exploits 0 · References 4
EUVD
added 2026/05/26 9:29 p.m. · 7 views

EUVD-2026-32012

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows a remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

CVSS 5.3 · AI score 5.8 · EPSS 0.00249
Exploits 0 · References 3
OSV
added 2026/05/07 5:31 p.m. · 2 views

CLSA-2026-1778175067 cyrus-sasl: Fix of CVE-2019-19906

CVE-2019-19906: fix off-by-one in _sasl_add_string (lib/common.c) that could cause denial of service or information disclosure via crafted input...

CVSS 7.5 · AI score 7.1 · EPSS 0.00481
Exploits 1 · References 1
CVE
added 2026/05/04 1:7 p.m. · 81 views

CVE-2026-33857

CVE-2026-33857 concerns the Apache HTTP Server, specifically the mod_proxy_ajp component, with an out-of-bounds read in AJP getter functions affecting versions up to 2.4.66. Upgrading to version 2.4.67 is the documented fix. The available connected sources confirm the affected product, the vulner...

CVSS 5.3 · AI score 5.8 · EPSS 0.00221
Exploits 0 · References 2 · Affected Software 1
Snyk
added 2026/04/13 11:8 p.m. · 2 views

Off-by-one Error

Overview: Magick.NET-Q16-HDRI-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 6.8 · AI score 5.8 · EPSS 0.00005
Exploits 0 · References 2
EUVD
added 2026/03/19 12:30 p.m. · 0 views

EUVD-2006-7234

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

CVSS 9.8 · AI score 6 · EPSS 0.00029
Exploits 0 · References 4
EUVD
added 2026/03/10 7:4 p.m. · 3 views

EUVD-2026-10801

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

CVSS 5.3 · AI score 5.8 · EPSS 0.00004
Exploits 1 · References 1
Tenable Nessus
added 2026/02/04 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-71196

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phy: stm32-usphyc: Fix off by one in probe. The index variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equa...

AI score 5.9 · EPSS 0.00036
Exploits 0 · References 2
Positive Technologies
added 2026/01/22 12:0 a.m. · 5 views

PT-2026-3887

SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting ...

CVSS 5.5 · AI score 5.5 · EPSS 0.00009
Exploits 1 · References 3
Microsoft CVE
added 2026/01/15 9:2 a.m. · 5 views

iavf: fix off-by-one issues in iavf_config_rss_reg()

...

CVSS 7.1 · AI score 5.4 · EPSS 0.00033
Exploits 0
Tenable Nessus
added 2026/01/13 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-71087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iavf: fix off-by-one issues in iavf_config_rss_reg(). There are off-by-one bugs when configuring RSS hash key and lookup table, causing out-of-bounds reads to memory ...

CVSS 5.5 · AI score 6.1 · EPSS 0.00033
Exploits 0 · References 3
Tenable Nessus
added 2025/08/11 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2024-43852

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: hwmon: ltc2991 re-order conditions to fix off by one bug. LTC2991_T_INT_CH_NR is 4. The st->temp_en...

CVSS 7.8 · AI score 5.8 · EPSS 0.00032
Exploits 0 · References 2
RedHat Linux
added 2025/07/15 9:19 p.m. · 2 views

kernel: ext4: fix off-by-one error in do_split

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split. Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free in...

CVSS 5.5 · AI score 6.5 · EPSS 0.00063
Exploits 0 · References 5
OSV
added 2025/01/14 7:15 p.m. · 1 views

CVE-2024-48854

Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1
OSV
added 2024/10/21 6:15 p.m. · 0 views

UBUNTU-CVE-2024-49880

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off by one issue in alloc_flex_gd. Wesley reported an issue: ================================================================== EXT4-fs dm-5: resizing filesystem from 7168 to 786432 blocks ------------ cut here -----------...

CVSS 7.8 · AI score 6.1 · EPSS 0.00021
Exploits 0 · References 21
NVD
added 2024/08/17 10:15 a.m. · 14 views

CVE-2024-43852

In the Linux kernel, the following vulnerability has been resolved: hwmon: ltc2991 re-order conditions to fix off by one bug. LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we have read one element beyond the end of th...

CVSS 7.8 · EPSS 0.00032
Exploits 0 · References 2
CVE
added 2024/08/17 9:22 a.m. · 86 views

CVE-2024-43852

CVE-2024-43852 refers to a Linux kernel hwmon LTC2991 off-by-one bug in which LTC2991_T_INT_CH_NR is 4 and st->temp_en[] has 4 elements. The vulnerability occurs when channel equals LTC2991_T_INT_CH_NR, reading beyond the end of the array. The fix, described in the description, is to reorder t...

CVSS 7.8 · AI score 6.4 · EPSS 0.00032
Exploits 0 · References 2 · Affected Software 1
Debian CVE
added 2024/08/17 9:22 a.m. · 12 views

CVE-2024-43852

In the Linux kernel, the following vulnerability has been resolved: hwmon: ltc2991 re-order conditions to fix off by one bug. LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we have read one element beyond the end of th...

CVSS 7.8 · AI score 5.6 · EPSS 0.00032
Exploits 0
Positive Technologies
added 2024/03/01 12:0 a.m. · 4 views

PT-2024-2717

Name of the Vulnerable Software and Affected Versions: libvirt, affected versions not specified. Description: The issue is related to an off-by-one error flaw in the udevListInterfacesByStatus function in libvirt. This flaw occurs when the number of interfaces exceeds the size of the names array. An...

CVSS 7.2 · AI score 6.8 · EPSS 0.00717
Exploits 2 · References 129
Positive Technologies
added 2024/01/30 12:0 a.m. · 2 views

PT-2024-1741 · Tiny-Curl +2

Name of the Vulnerable Software and Affected Versions: curl versions 8.4.0 through 8.5.0; tiny-curl version 8.4.0. Description: The issue is related to an off-by-one out-of-bounds array index in the tool_cb_wrt component of the curl and tiny-curl utilities. This could allow a remote attacker to...

CVSS 5.3 · AI score 4.7 · EPSS 0.00187
Exploits 1 · References 16