11 matches found

OSV
added 4 days ago, 3 views

JLSEC-2026-571

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

CVSS 6.5 | AI score 5.2 | EPSS 0.00047
Exploits: 1 | References: 2

SUSE Linux
added 2026/02/19 11:38 a.m., 4 views

Security update for apptainer

This update for apptainer fixes the following issues: CVE-2025-58190: Fixed a HTML parser misimplementation of a part of the HTML specification for table related tags. bsc1258048. CVE-2025-47911: Fixed an issue where the HTML parser takes a very long time or even never returns. bsc1258047. Patch...

CVSS 6.9 | AI score 5.5 | EPSS 0.00033
Exploits: 1 | References: 10

Tenable Nessus
added 2025/10/24 12:00 a.m., 6 views

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-2308)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attacke...

CVSS 9.8 | AI score 8.1 | EPSS 0.89361
Exploits: 21 | References: 14

OSV
added 2024/02/29 12:15 a.m., 3 views

DEBIAN-CVE-2024-26146

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ru...

CVSS 7.5 | AI score 6 | EPSS 0.00775
Exploits: 0 | References: 1

Tenable Nessus
added 2024/02/29 12:00 a.m., 32 views

CentOS 9 : python3.9-3.9.14-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the python3.9-3.9.14-1.el9 build changelog. - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap...

CVSS 8 | AI score 7 | EPSS 0.01395
Exploits: 1 | References: 4

RedHat Linux
added 2023/06/26 1:19 a.m., 2 views

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

CVSS 7.5 | AI score 6.6 | EPSS 0.00054
Exploits: 0 | References: 6

CVE
added 2023/03/10 12:00 a.m., 361 views

CVE-2023-27530

CVE-2023-27530 is a Denial of Service vulnerability in Rack’s Multipart MIME parsing. The issue affects Rack versions prior to v3.0.4.2, v2.2.6.3, v2.1.4.3, and v2.0.9.3, where crafted multipart requests can cause parsing to take disproportionately long. Public connected advisories confirm this i...

CVSS 7.5 | AI score 7.3 | EPSS 0.01982
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2019/01/02 6:29 p.m., 2 views

DEBIAN-CVE-2018-19478

In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file...

CVSS 5.5 | AI score 6.9 | EPSS 0.00643
Exploits: 0 | References: 1

OSV
added 2018/08/17 7:29 p.m., 5 views

DEBIAN-CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c...

CVSS 5.3 | AI score 8.8 | EPSS 0.90356
Exploits: 23 | References: 1

OSV
added 2018/07/16 12:00 a.m., 1 view

UBUNTU-CVE-2018-0361

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file...

CVSS 3.3 | AI score 6.3 | EPSS 0.00974
Exploits: 0 | References: 5

RedHat Linux
added 2017/12/19 8:37 a.m., 3 views

rubygems: No size limit in summary length of gem spec

It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary...

CVSS 7.5 | AI score 7.3 | EPSS 0.1397
Exploits: 1 | References: 5