45 matches found
EUVD-2026-38730
In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix OOB read in compatmtwfromuser Luxiao Xu says: The function compatmtwfromuser converts ebtables extensions from 32-bit user structures to kernel native structures. However, it lacks proper validation of th...
SUSE-SU-2026:2396-1 Security update for openssl-1_0_0
This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delt...
CVE-2026-46690 unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race
unboundedspsc is an "unbounded" extension of boundedspscqueue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches...
CVE-2026-46690 unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race
unboundedspsc is an "unbounded" extension of boundedspscqueue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches...
JLSEC-2026-540
A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability...
BIT-JRE-2024-47597 GHSL-2024-245: GStreamer has an OOB-read in qtdemux_parse_samples
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemuxparsesamples within qtdemux.c. This issue arises when the function qtdemuxparsesamples reads data beyond the boundaries of the stream-stco buffer. The following code...
BIT-JRE-2024-47546 GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extractccfromdata function within qtdemux.c. In the FOURCCc708 case, the subtraction atomlength - 8 may result in an underflow if atomlength is less than 8. When that subtraction...
Security update for libraw
This update for libraw fixes the following issues: CVE-2026-5342: out-of-bounds read via LibRaw::nikonloadpaddedpackedraw bsc1261499. CVE-2026-20884: integer overflow and heap buffer overflow via deflatedngloadraw bsc1261671. CVE-2026-20889: heap-based buffer overflow in x3fthumbloaderbsc1261672...
MiracleLinux 9 : thunderbird-140.9.1-1.el9_7.ML.1 (AXSA:2026-483:08)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-483:08 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of...
CVE-2026-32829
lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...
CVE-2026-25884
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004327)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004327 advisory. In uvcparsestandardcontrol of uvcdriver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure wi...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001447)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001447 advisory. In bpfskbchangehead of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System executi...
SUSE SLED15: libpng16-16 / libpng16-16-32bit / libpng16-compat-devel / etc (SUSE-SU-2025:4494-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4494-1 advisory. - CVE-2025-65018: Fixed heap buffer overflow in pngcombinerow triggered via pngimagefinishread...
OESA-2025-2489 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read an...
CVE-2025-11414
A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function getlinkhashentry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and...
GNU Binutils 安全漏洞
GNU Binutils GNU Binary Utilities is a set of programming language utility programs developed by the American GNU community. The programs are primarily designed to work with target files in a variety of formats, and provide connectors, assemblers, and other tools for target files and archives. A...
CVE-2025-11081
A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dumpdwarfsection of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named...
CVE-2025-23255
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability may lead to a partial denial of service...
Linux Distros Unpatched Vulnerability : CVE-2019-9233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wpasupplicant8, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional...