300 matches found
OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
Summary: The B44/B44A decoder in OpenEXR reconstructs row pointers into a scratch buffer using int. When the channel width nx is large enough, the product y * nx overflows int, causing the row pointer to wrap before the start of the scratch buffer. Subsequent memcpy calls then write decoded pixel...
CLSA-2026-1775211239 openexr: Fix of 4 CVEs
CVE-2025-12495, CVE-2025-12839, CVE-2025-12840: fix heap buffer overflows in the C core decoding pipeline (missing nread validation in exr_read_chunk, missing packed/unpacked size check for uncompressed tiles, missing storage_mode guard in chunk offset computation); CVE-2025-64181: fix use of...
CLSA-2026-1774519941 webkit2gtk3: Fix of CVE-2025-43441
CVE-2025-43441: fix macro scratch register spilling in OMG tail calls to prevent memory corruption via crafted web content...
[SECURITY] Fedora 42 Update: vsftpd-3.0.5-14.fc42
vsftpd is a Very Secure FTP daemon. It was written completely from scratch...
[SECURITY] Fedora 43 Update: vsftpd-3.0.5-14.fc43
vsftpd is a Very Secure FTP daemon. It was written completely from scratch...
EUVD-2022-55867
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-50831
...
CVE-2022-50831
Affected software: Linux kernel mac80211 component. Issue: use-after-free in parsing multi-BSSID elements where element pointers could reference memory that was freed prematurely. Root cause: lifetime management of parsed elements leads to dangling pointers when returned structures are accessed. ...
AutoBaxBuilder: Bootstrapping Code Security Benchmarking
As LLMs see wide adoption in software engineering, the reliable assessment of the correctness and security of LLM-generated code is crucial. Notably, prior work has demonstrated that security is often overlooked, exposing that LLMs are prone to generating code with security vulnerabilities. These...
Malicious Package
Overview realtime-from-scratch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2020-7238
Malware in sbrugna...
EUVD-2020-18845
Malware in sbrugna...
EUVD-2020-0570
Malware in sbrugna...
EUVD-2013-2868
Malware in sbrugna...
EUVD-2020-1459
Malware in sbrugna...
EUVD-2022-0612
Malicious code in bioql PyPI...
EUVD-2024-33174
Malicious code in bioql PyPI...
EUVD-2024-50946
Malicious code in bioql PyPI...
EUVD-2024-34220
Malicious code in bioql PyPI...
EUVD-2025-29603
Malicious code in bioql PyPI...