CVE-2025-12198

A heap-based buffer overflow vulnerability in dnsmasq within the parsehex function of src/util.c. When parsing malformed DHCP option values in configuration files, dnsmasq miscalculates the output length and writes beyond the allocated heap buffer. This can cause a crash Denial of Service and, in...

CVE-2025-12200

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent...

CVE-2025-12198

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent...

EUVD-2025-36059

A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by this issue is the function parsedhcpopt of the file src/option.c of the component Config File Handler. This manipulation of the argument m causes null pointer dereference. The attack can only be executed locally. The exploit has...

CVE-2025-12200

...

CVE-2025-12198

...

EUVD-2025-36061

A vulnerability has been found in dnsmasq up to 2.73rc6. Affected is the function parsehex of the file src/util.c of the component Config File Handler. The manipulation of the argument i leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been...

CVE-2025-12198

...

CVE-2025-12198

Removed by vendor...

PT-2025-43758

Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.73rc6 Description A flaw exists in dnsmasq related to the parse dhcp opt function within the Config File Handler component, specifically in the file src/option.c. Manipulation of the argument m can lead to a null...

PT-2025-43756

Name of the Vulnerable Software and Affected Versions dnsmasq versions up to 2.73rc6 Description A flaw exists in dnsmasq that involves a heap-based buffer overflow. This issue is located within the Config File Handler component, specifically in the parse hex function of the src/util.c file. The...

PT-2025-47123

Name of the Vulnerable Software and Affected Versions W3 Total Cache versions prior to 2.8.13 Description The W3 Total Cache WordPress plugin is affected by a command injection issue through the parse dynamic mfunc function. This allows unauthenticated users to execute arbitrary PHP commands by...

OESA-2025-2507 perl-Spreadsheet-ParseExcel security update

The Spreadsheet::ParseExcel module can be used to read information from an Excel 95-2003 file. Security Fixes: Spreadsheet::ParseExcel version 0.65, a Perl module for parsing Excel files, is vulnerable to arbitrary code execution ACE due to passing unvalidated input from a file into a string-type...

EulerOS 2.0 SP13 : ncurses (EulerOS-SA-2025-2272)

According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function...

SUSE CVE-2020-36855

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been...

JLSEC-2025-174 An issue was discovered in GNU gettext 0.19.8

An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt...

EUVD-2025-35181

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been...

CVE-2020-36855

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been...

CVE-2020-36855

CVE-2020-36855 affects DCMTK up to 3.6.5, specifically the dcmqrscp component and its parseQuota function. The issue is a stack-based buffer overflow caused by manipulated StorageQuota, requiring local access. The vulnerability has public exploits and is fixed by upgrading to DCMTK 3.6.6 (patch i...

DCMTK 安全漏洞

DCMTK is a collection of libraries and applications that implement most of the DICOM standards from the DCMTK open source. Software for inspecting, building, and converting DICOM image files, processing offline media, sending and receiving images over a network connection, and demonstrating image...