MGASA-2026-0198 Updated radare2 packages fix security vulnerability

CVE-2026-40499, Command Injection via PDB Parser printgvars...

CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

SUSE CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

CVE-2026-40499

A flaw was found in radare2, specifically within the PDB parser's printgvars function. A remote attacker could exploit this vulnerability by crafting a malicious PDB Program Database file. By embedding a newline byte in the PE Portable Executable section header name field, the attacker can inject...

EUVD-2026-22826

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

Use After Free

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Use After Free

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Use After Free

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

EUVD-2025-32315

Malicious code in bioql PyPI...

CVE-2025-34226 OpenPLC Runtime v3 Persistent DoS

OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epochtime field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate...

CVE-2025-34226 OpenPLC Runtime v3 Persistent DoS

OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epochtime field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file, when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.2...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file, when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 6.0.22...

PT-2023-5059 · Microsoft +1 · Visual Studio +2

Name of the Vulnerable Software and Affected Versions: Visual Studio affected versions not specified Description: The issue is related to insufficient input validation in Visual Studio, which can be exploited to execute arbitrary code. This can allow an attacker to run malicious code on the syste...

CVE-2018-1037

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database PDB files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio...

CVE-2001-1258

Horde Internet Messaging Program IMP before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server...

Security Update for the information disclosure vulnerability in Visual Studio 2010 Service Pack 1 (KB4091346)

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database PDB files. An attacker who exploits the vulnerability could view uninitialized memory from the computer that is used to compile a progra...

Security Update for the information disclosure vulnerability in Visual Studio 2013 Update 5 (KB4089283)

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database PDB files. An attacker who exploits the vulnerability could view uninitialized memory from the computer that is used to compile a progra...