CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

EUVD-2026-16062

LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash...

LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

Summary LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined with a string flattening operation e.g., replace filter, this causes a V8 Fatal error that crashes the...

CVE-2024-0151

Arm is aware of a potential software security issue in code that uses Cortex-M Security Extensions CMSE and has been compiled with tools that implement Arm v8-M Security Extensions Requirements on Development Tools before version 1.4. This issue potentially allows an attacker who can pass...

CVE-2024-0151

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions CMSE, that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to...

CVE-2024-0151

CVE-2024-0151 affects software using Cortex-M Security Extensions (CMSE). The issue arises from insufficient argument checking in Secure state Entry functions, allowing values out of range for types smaller than 32-bits to be passed into secure state, potentially causing incorrect operations. Pub...

CVE-2023-4518

A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured...

CVE-2023-4518

A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured...

Integer overflow

In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a...

CVE-2020-25675

In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a...

CVE-2020-27764

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator where a sizet cast should have been a ssizet cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity...

CVE-2020-27764

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator where a sizet cast should have been a ssizet cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity...

CVE-2020-27764

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator where a sizet cast should have been a ssizet cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity...

Input validation

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator where a sizet cast should have been a ssizet cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity...

CVE-2020-27764

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator where a sizet cast should have been a ssizet cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity...

CVE-2020-25675

A flaw was found in ImageMagick. Rounding calculations performed on unconstrained pixel offsets causes undefined behavior in the form of integer overflow and out-of-range values. Such issues could cause a negative impact to application availability or other problems related to undefined behavior,...

PHP has an unspecified vulnerability (CNVD-2016-02888)

PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. PHP allows the use of negative range values, and no detailed vulnerability details are provided at this time...