BIT-PYTHON-MIN-2026-4224 Stack overflow parsing XML with deeply nested DTD content models

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

Moderate: Red Hat Security Advisory: glib2 security update

An update for glib2 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

glib: GLib: Buffer underflow in GVariant parser leads to heap corruption

A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...

glib: GLib: Buffer underflow in GVariant parser leads to heap corruption

A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...

Moderate: Red Hat Security Advisory: glib2 security update

An update for glib2 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

glib: GLib: Buffer underflow in GVariant parser leads to heap corruption

A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...

Astra Linux - уязвимость в imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attacks due to...

Astra Linux - уязвимость в libxml2

A issue was discovered in libxml2 before version 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters may overflow. This leads to an attempt to access an array at a negative 2GB offset, typically resulting in a segmentation fault...

Astra Linux - уязвимость в raptor2

In the Raptor RDF Syntax Library version 2.0.16, there is an integer underflow issue when normalizing a URI using the turtle parser in the raptorurinormalizepath function...

Astra Linux - уязвимость в cgal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed an out-of-bounds read in the rtwgetie parser. The Information Element IE parser in rtwgetie trusted the length byte of each Information Element without verifying that the IE body len bytes after the 2-by...

Astra Linux - уязвимость в cgal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

Astra Linux - уязвимость в cgal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

Astra Linux - уязвимость в cgal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

Astra Linux - уязвимость в firefox, thunderbird, expat

A issue was discovered in libexpat before version 2.6.4. There is a crash within the XMLResumeParser function, as XMLStopParser can stop/suspend a parser that has not been started...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Media: Venus: HFI parser refactoring of packet parsing logic wordscount represents the number of words in the total payload, while data points to the payload of various properties within it. When wordscount reaches the last word,...

Astra Linux - уязвимость в pkgconf

In pkgconf up to 1.9.3, variable duplication can lead to unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconftupleParse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed an infinite loop issue when len is 0 in the tcpbpfrecvmsg parser. When the buffer length of the recvmsg system call is 0, a soft lockup problem occurred. watchdog: BUG: Soft lockup – CPU3 stuck for 27...

Astra Linux - уязвимость в bouncycastle

Bouncy Castle for Java before version 1.73 contains a potential Denial of Service DoS issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM-encoded streams containing X.509 certificates, PKCS8-encoded keys, and PKCS7 objects. Parsing a file that...

Astra Linux - уязвимость в cgal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...