3129 matches found
CVE-2026-41069
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...
EUVD-2026-31503
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...
CVE-2026-41069
Summary: CVE-2026-41069 affects libheif up to v1.21.2, where a malformed HEIF sequence can trigger an out-of-bounds read in core sequence parsing, leading to DoS. The issue occurs when stco.entry_count == 0 but saiz.sample_count > 0, causing the SampleAuxInfoReader loop to dereference an empty...
CVE-2026-41069
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...
CVE-2026-41069 libheif allows Out-of-bounds vector access leading to invalid dereference (DoS)
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...
SUSE-SU-2026:21867-1 Security update for gnutls
This update for gnutls fixes the following issues - CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive bsc1263707. - CVE-2026-5260: lib/pkcs11privkey: guard against overreading on short ciphertexts bsc1263715. - CVE-2026-5419: gnutlscipherdecrypt3: make PKCS7 unpadding...
libheif 代码问题漏洞
Libheif is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of Libheif prior to 1.21.2 have a code vulnerability that can be exploited through format-errors in HEIF sequence files. This vulnerability allows for out-of-bound reads,...
PT-2026-42833
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.21.3 Description An out-of-bounds read can occur in the core sequence parsing logic when processing a malformed HEIF sequence file, leading to a Denial of Service DoS. This happens when a file has stco.entry count s...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: ALSA: In the seq function, there was a mismatch in the function’s prototype in sndseqexpandvarevent. With Clang’s Kernel Control Flow Integrity kCFI, CONFIGCFICLANG feature, indirect call targets are validated against the...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: TCP: Fixed corruption in MPTCP’s DSS due to large PMTU transmissions. Syzkaller was able to trigger DSS corruption: TCP: requestsocksubflowv4: Possible SYN flooding on port :::20002. Sending cookies. ———————— Cut here ———...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: fixed an uninitialized value in caifseqpktsendmsg. When nrsegs equals zero in iovecfromuser, the object msg-msgiter.iov contains uninitialized stack memory, which is used in caifseqpktsendmsg. This behavior is defined in...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: flexproportions: making fpropnewperiod safe from hardirq issues. Bernd reported a deadlock issue in the flexible proportions code, which essentially complained about the following race condition: runtimersoftirq – we’re in a...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: DCCP: Fixed an out-of-bounds access in the DCCP error handler. There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only wanted to access the first 8...
Astra Linux - уязвимость в firefox
Parsing an indefinite SEQUENCE within an indefinite GROUP in ASN.1 could result in the parser accepting malformed ASN.1 syntax. This vulnerability affects Firefox versions earlier than 102...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89: pci: validate sequence number of TX release report Hardware rarely reports an abnormal sequence number in the TX release report, which may lead to an out-of-bounds access to the wdring-pages array, causing a NULL...
Astra Linux - уязвимость в screen
In GNU Screen’s encoding.c file, as of version 4.8.0, remote attackers can cause a denial of service attack invalid write access and application crash, or potentially cause unspecified other impacts due to a crafted UTF-8 character sequence...
Astra Linux - уязвимость в edk2
EDK2’s Network Package is vulnerable to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of confidentiality...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix tcpinittransfer so that icskcainitialized is not reset. This commit fixes a bug discovered by syzkaller. The bug could cause spurious double-initulations for congestion control modules. This could lead to memory leaks or...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ubi: Fixed the UAF Use-After-Free issue in the eraseblkcountseqshow function. The wear-leveling entry could be freed during an erroneous path, and this entry might be accessed again in eraseblkcountseqshow, for example: c...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Timekeeping: The leap state of the auxiliary timekeeper must be adjusted to the correct value. When the doajdtimex function was introduced to handle adjtimex for any timekeeper, this reference to tkcore was not updated. When this...