20 matches found
SUSE CVE-2026-46199
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg Check bounds against the end of the BO whenever we access the msg...
SUSE CVE-2026-33899
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when Magick parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-1...
EUVD-2026-22100
ImageMagick has a heap-Buffer-Overflow write of a single zero byte when parsing xml...
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...
kernel: scsi: ses: Fix possible desc_ptr out-of-bounds accesses
A bounds-checking flaw was found in the Linux kernel Small Computer System Interface Enclosure Services driver in the way descriptor pointers are validated while processing enclosure data. Missing checks could allow an out-of-bounds access during parsing. A local user could use this flaw to crash...
Soda PDF Desktop 缓冲区错误漏洞
Soda PDF Desktop is a full-featured PDF editing software from Soda Canada. Soda PDF Desktop suffers from a buffer error vulnerability that stems from a lack of validation of user-supplied data when parsing PDF files, which could lead to out-of-bounds reads and information disclosure...
CVE-2025-66497 Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987533)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987533 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing CPC data If the NumEntries field in the CPC...
EUVD-2021-12575
Malware in sbrugna...
CVE-2025-57778
Digilent DASYLab DSB file parsing vulnerability (CVE-2025-57778): out-of-bounds write due to improper bounds checking enables arbitrary code execution when a user opens a malicious DSB file. Affected software is DASYLab; parsing of DSB files is the root cause. ZDI-25-891 confirms remote code exec...
CVE-2025-9189 Out Of Bounds Write when parsing a DSB file with Digilent DASYLab
There is an out of bounds write vulnerability due to improper bounds checking resulting in a large destination address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a...
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...
DEBIAN-CVE-2022-49239
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd934x: Add missing ofnodeput in wcd934xcodecparsedata The devicenode pointer is returned by ofparsephandle with refcount incremented. We should use ofnodeput on it when done. This is similar to commit 64b92de9603f...
kernel: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing CPC data If the NumEntries field in the CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may not be present then...
Design/Logic Flaw
Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with arbitrary excessive size value, which can either exhaust available memory or crash the whole program. When using...
CVE-2021-41687
DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack...
OESA-2022-1521 tinyxml security update
TinyXML parses an XML document, and builds from that a Document Object Model DOM that can be read, modified, and saved. XML is a very structured and convenient format. All those random file formats created to store application data can all be replaced with XML. One parser for everything. Security...
TinyXML 安全漏洞
TinyXML is a C++ XML parser that can be easily integrated into other programs. An infinite loop vulnerability exists in TiXmlParsingData::Stamp in tinyxmlparser.cpp in TinyXML 2.6.2 and earlier. An attacker can exploit this vulnerability to cause a denial of service via a specially crafted XML...
CVE-2019-2391
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to...