CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

CVE-2025-21836

In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: reallocate buf lists on upgrade IORINGREGISTERPBUFRING can reuse an old struct iobufferlist if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field shoul...

DEBIAN-CVE-2024-50042

In the Linux kernel, the following vulnerability has been resolved: ice: Fix increasing MSI-X on VF Increasing MSI-X value on a VF leads to invalid memory operations. This is caused by not reallocating some arrays. Reproducer: modprobe ice echo 0 /sys/bus/pci/devices/$PFPCI/sriovdriversautoprobe...

CVE-2021-47388

In the Linux kernel, the following vulnerability has been resolved: mac80211: fix use-after-free in CCMP/GCMP RX When PN checking is done in mac80211, for fragmentation we need to copy the PN to the RX struct so we can later use it to do a comparison, since commit bf30ca922a0c "mac80211: check...

PT-2024-20953 · Bento4 · Bento4

Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-640 Description: The issue is related to an out-of-memory bug in the AP4 DataBuffer::ReallocateBuffer function. Recommendations: For Bento4 version 1.6.0-640, consider restricting the use of the AP4...

Google Asylo Buffer Error Vulnerability

Google Asylo is a framework for developing trusted applications from Google Inc. in the United States. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A buffer error vulnerability exists in Google Asylo version 0.6.0 and...

Lhasa lha decode_level3_header Heap Corruption Vulnerability

SUMMARY An exploitable integer underflow exists during calculation size for all headers in decodelevel3header function of Lhasa lha application. Smaller value of headerlen than LEVEL3HEADERLEN 32 cause during subtraction integer underflow and lead later to memory corruption via heap based buffer...

Qt 4.6.3 - QTextEngine::LayoutData::reallocate() Memory Corruption

Qt 4.6.3 - QTextEngine::LayoutData::reallocate Memory Corruption source: https://www.securityfocus.com/bid/41873/info Qt is prone to a remote memory-corruption vulnerability. Successful exploits may allow the attacker to execute arbitrary code in the context of the application. Failed exploit...