SUSE-SU-2025:01599-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with gdatetimenewfromiso8601 bsc1240897...

FreeBSD : WeeChat -- Multiple vulnerabilities (46594aa3-32f7-11f0-a116-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 46594aa3-32f7-11f0-a116-8447094a420f advisory. The Weechat project reports: Multiple integer and buffer overflows in WeeChat core. Tenable has extract...

CVE-2025-40907

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC...

CVE-2025-40907

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC...

CVE-2025-40907

CVE-2025-40907 affects FCGI 0.44–0.82 with the included fcgi2 library (libfcgi) in Perl-based FCGI; root cause is an integer overflow in ReadParams (fcgiapp.c), leading to a heap-based buffer overflow via crafted nameLen/valueLen. Public advisories indicate fixes across multiple distributions: De...

CVE-2025-48174

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size...

[SECURITY] [DLA 4150-1] u-boot security update

Debian LTS Advisory DLA-4150-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert May 01, 2025 https://wiki.debian.org/LTS Package : u-boot Version : 2021.01+dfsg-5+deb11u1 CVE ID : CVE-2019-14196 CVE-2022-2347 CVE-2022-30552 CVE-2022-30767 CVE-2022-30790 CVE-2022-331...

Gimp -- GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability

[email protected] reports: GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target...

CVE-2025-3588 joelittlejohn jsonschema2pojo JSON File SchemaRule.java apply stack-based overflow

A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2. This issue affects the function apply of the file org/jsonschema2pojo/rules/SchemaRule.java of the component JSON File Handler. The manipulation leads to stack-based buffer overflow...

BIT-HAPROXY-2025-32464

HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sampleconvregsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one...

CVE-2025-3360

CVE-2025-3360 : GLib2 contains an integer overflow and buffer under-read when parsing a long invalid ISO 8601 timestamp via g_date_time_new_from_iso8601(). Debian LTS notes a fix in glib2.0 for Bullseye (2.66.8-1+deb11u6); other advisories (e.g., Astra/IBM-related pages) reference GLib fixes. CVS...

CVE-2025-32050 Libsoup: integer overflow in append_param_quoted

A flaw was found in libsoup. The libsoup appendparamquoted function may contain an overflow bug resulting in a buffer under-read...

CVE-2025-32050

A flaw was found in libsoup. The libsoup appendparamquoted function may contain an overflow bug resulting in a buffer under-read...

Amazon Linux 2 : ghostscript (ALAS-2025-2805)

The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2805 advisory. Potential integer and buffer overflow with DollarBlend during serializing a multiple master font for passing to...

CVE-2025-2912

CVE-2025-2912 (HDF5) affects HDF5 up to 1.14.6. The vulnerability is in the function H5O_msg_flush (src/H5Omessage.c) where manipulation of the argument oh leads to a heap-based buffer overflow. Exploitation requires local access, and public disclosure of the exploit is noted. Connected OSV entri...

CVE-2025-2849 UPX p_lx_elf.cpp un_DT_INIT heap-based overflow

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::unDTINIT of the file src/plxelf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been...

Linux Distros Unpatched Vulnerability : CVE-2021-39847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XMP Toolkit SDK version 2020.1 and earlier is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the...

Linux Distros Unpatched Vulnerability : CVE-2017-9172

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input- bmp.c:496:29. CVE-2017-9172 Note that Nessus relies on t...

CVE-2025-0678

A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some ...

CVE-2024-45776

CVE-2024-45776 affects GRUB2’s language handling (grub_mofile_open): reading a language .mo file can overflow the internal buffer during allocation due to an unchecked integer overflow, leading to out-of-bounds reads/writes. Consequences described in the sources include leakage of sensitive data ...