CVE-2026-43406

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in processmessageheader If the message frame is maliciously corrupted in a way that the length of the control segment ends up being less than the size of the message header or a...

CVE-2026-7135

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...

EUVD-2026-24882

In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes in iavfgetethtoolstats iavf incorrectly uses realnumtxqueues for ETHSSSTATS. Since the value could change in runtime, we should use numtxqueues instead. Moreover iavfgetethtoolstats uses...

libgphoto2 安全漏洞

libgphoto2 is an open-source camera access and control library developed by gPhoto. Versions of libgphoto2 prior to 2.5.33 contained security vulnerabilities. These vulnerabilities stemmed from the ptpunpackOI function in the camlibs/ptp2/ptp-pack.c file, which allowed access to offsets beyond th...

CVE-2026-33900

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a...

DEBIAN-CVE-2026-34588

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

CVE-2026-34588

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

CVE-2026-33850

CVE-2026-33850 concerns an out-of-bounds write in WujekFoliarz DualSenseY-v2 (affected before v54). The CVSS 3.1 base score is 7.8 (HIGH), with LOCAL attack vector, low complexity, no privileges required, but USER INTERACTION NEEDED. Impacts include confidentiality, integrity, and availability. T...

CVE-2026-3547 wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled HAVEALPN / --enable-alpn. A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash...

Linux Distros Unpatched Vulnerability : CVE-2026-3909

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page...

EUVD-2026-9245

In multiple functions of memprotect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-71234

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxustaadd The driver does not set hw-stadatasize, which causes mac80211 to allocate insufficient space for driver private station data in stainfoalloc. When rtl8xxxustaadd accesses...

CVE-2025-69419

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

SUSE CVE-2025-68777

In the Linux kernel, the following vulnerability has been resolved: Input: tiam335xtsc - fix off-by-one error in wireorder validation The current validation 'wireorderi ARRAYSIZEconfigpins' allows wireorderi to equal ARRAYSIZEconfigpins, which causes out-of-bounds access when used as index in...

CVE-2025-70298

GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmxparsetags function...

CVE-2023-54135 maple_tree: fix potential out-of-bounds access in mas_wr_end_piv()

In the Linux kernel, the following vulnerability has been resolved: mapletree: fix potential out-of-bounds access in maswrendpiv Check the write offset end bounds before using it as the offset into the pivot array. This avoids a possible out-of-bounds access on the pivot array if the write extend...

CVE-2025-48623

In initpkvmhypvcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()

...

SUSE CVE-2025-40252

In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpaend The loops in 'qedetpacont' and 'qedetpaend', iterate over 'cqe-lenlist' using only a zero-length terminator as the stopping condition. If the...

CVE-2025-33190

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or escalation of privileges...