JLSEC-2025-174 An issue was discovered in GNU gettext 0.19.8

An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt...

EUVD-2025-35181

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been...

CVE-2020-36855

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been...

CVE-2020-36855

CVE-2020-36855 affects DCMTK up to 3.6.5, specifically the dcmqrscp component and its parseQuota function. The issue is a stack-based buffer overflow caused by manipulated StorageQuota, requiring local access. The vulnerability has public exploits and is fixed by upgrading to DCMTK 3.6.6 (patch i...

DCMTK 安全漏洞

DCMTK is a collection of libraries and applications that implement most of the DICOM standards from the DCMTK open source. Software for inspecting, building, and converting DICOM image files, processing offline media, sending and receiving images over a network connection, and demonstrating image...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the lwsadnsparselabel function when the LWSWITHSYSASYNCDNS flag is enabled during compilation. An attacker can execute arbitrary code or cause a crash by crafting a malicious DNS response with a label...

PT-2025-42761

Name of the Vulnerable Software and Affected Versions libwebsockets affected versions not specified Description A stack-based buffer overflow exists in the lws adns parse label function within libwebsockets. This occurs when the LWS WITH SYS ASYNC DNS flag is enabled during compilation and an...

JLSEC-2025-105 FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_pa...

FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645parse because allocrbspbuffer in libavcodec/h2645parse.c mishandles rbspbuffer...

JLSEC-2025-140 FFmpeg n6.1.1 is Integer Overflow

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds...

JLSEC-2025-119 An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729...

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729parse in llibavcodec/g729parser.c when processing a specially crafted file...

JLSEC-2025-77 An issue was discovered in libxml2 before 2.10.3

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-53261: coresight: Fix memory leak in acpibuffer-pointer bsc1249770. CVE-2024-46733: btrfs: fix qgroup reserve leaks in cowfilerange bsc1230708...

SUSE CVE-2025-39974

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in parseintegerlimit When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in parseintegerlimit+0x103/0x130 Read of size 1 at...

CVE-2025-62381

sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...

CVE-2025-39974

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in parseintegerlimit When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in parseintegerlimit+0x103/0x130 Read of size 1 at...

Malicious Package

Overview parse-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview vite-parse is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVE-2025-62374

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

Prototype Pollution

Overview sveltekit-superforms is a Making SvelteKit forms a pleasure to use! Affected versions of this package are vulnerable to Prototype Pollution via the parseFormData function. An attacker can inject properties into Object.prototype by submitting specially crafted form parameters, which can...

EUVD-2025-34681

sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...