Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the pngsetPLTE, pngsettRNS, and pngsethIST functions. An attacker can cause corrupted chunk metadata or leak heap contents by passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the...

ALPINE-CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

CLSA-2026-1775722568 binutils: Fix of 4 CVEs

CVE-2025-5244: fix NULL pointer dereference in elfgcsweep for empty section groups - CVE-2025-5245: fix memory corruption in debugtypesamep incorrect NULL check - CVE-2026-3441: fix out-of-bounds read in xcofflinkaddsymbols xscnlen bounds check - CVE-2026-3442: fix out-of-bounds read in...

CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

RLSA-2026:6799 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP heap-use-after-free CVE-2026-22856 freerdp: FreeRDP...

NULL Pointer Dereference When Processing a Delta CRL

...

CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer

...

PT-2026-31620

Name of the Vulnerable Software and Affected Versions LIBPNG versions 1.0.9 through 1.6.56 Description LIBPNG is a library used by applications to read, create, and manipulate PNG image files. A flaw exists where passing a pointer obtained from png get PLTE, png get tRNS, or png get hIST back int...

SUSE CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

SUSE CVE-2026-31411

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...

CLSA-2026-1775688216 augeas: Fix of CVE-2025-2588

CVE-2025-2588: fix null pointer dereference in recaseexpand...

CVE-2026-31411

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM networking component. A local attacker, by acting as a malicious signaling daemon, could send a specially crafted message containing an unvalidated pointer. This unvalidated pointer would be directly used by the kernel, leading...

Security Bulletin: EDB PGAI Databases is affected by Multiple Vulnerabilities.

Summary Multiple Vulnerabilities found in EDB PGAI Databases 18.0. It has been addressed in 18.2. Hence, IBM strongly recommends upgrading to 18.2. Vulnerability Details CVEID:CVE-2024-25260 DESCRIPTION: elfutils v0.189 was discovered to contain a NULL pointer dereference via the handleverdef...

EUVD-2026-20469

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...

OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

Summary The DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This bug is reachable from the...

EUVD-2026-19348

OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write...

GHSA-P8XC-W3Q4-H64X OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

Summary The DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This bug is reachable from the...

CVE-2026-31411

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...

DEBIAN-CVE-2026-31411

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...

UBUNTU-CVE-2026-31411

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...