385 matches found
iccDEV 安全漏洞
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.4 contained security vulnerabilities. These vulnerabilities stemmed from a signed integer overflow during multiplication in the iccFromCube.cpp file, which...
GHSA-VHQJ-F5CJ-9X8H ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions
WriteUHDRImage in coders/uhdr.c uses int arithmetic to compute the pixel buffer size. When image dimensions are large, the multiplication overflows 32-bit int, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of...
ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions
WriteUHDRImage in coders/uhdr.c uses int arithmetic to compute the pixel buffer size. When image dimensions are large, the multiplication overflows 32-bit int, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of...
Integer Overflow or Wraparound
Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
CVE-2026-25794 ImageMagick has heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when writing UHDR images with large dimensions
ImageMagick is free and open-source software used for editing and manipulating digital images. WriteUHDRImage in coders/uhdr.c uses int arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit int, causing an...
CVE-2026-25794
ImageMagick (WriteUHDRImage in coders/uhdr.c) is affected by a signed 32-bit int overflow when computing the pixel buffer size for large dimensions, causing an undersized heap allocation and an out-of-bounds write. A patch is available in version 7.1.2-15 that fixes this issue. The CVE entry note...
kernel: tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
A flaw was found in the Linux kernel’s TCP implementation in the function tcpaddbacklog. When calculating the maximum acceptable backlog for TCP sockets, the sum of the receive buffer skrcvbuf, the send buffer sksndbuf, and a fixed constant may exceed the maximum value of a signed integer due to...
kernel: tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
A flaw was found in the Linux kernel’s TCP implementation in the function tcpaddbacklog. When calculating the maximum acceptable backlog for TCP sockets, the sum of the receive buffer skrcvbuf, the send buffer sksndbuf, and a fixed constant may exceed the maximum value of a signed integer due to...
libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...
Moderate: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: IB/hfi1: Fix sdma.h tx-numdescs off-by-one error CVE-2024-26766 kernel: RDMA/core: Fix "KASAN: slab-use-after-free Read in...
UBUNTU-CVE-2025-67125
A signed integer overflow in docopt.cpp v0.6.2 LeafPattern::match in docoptprivate.h when merging occurrence counters e.g., default LONGMAX + first user "-v/--verbose" can cause counter wrap negative/unbounded semantics and lead to logic/policy bypass in applications that rely on occurrence-based...
CVE-2025-67125
A signed integer overflow in docopt.cpp v0.6.2 LeafPattern::match in docoptprivate.h when merging occurrence counters e.g., default LONGMAX + first user "-v/--verbose" can cause counter wrap negative/unbounded semantics and lead to logic/policy bypass in applications that rely on occurrence-based...
CVE-2025-67125
A signed integer overflow in docopt.cpp v0.6.2 LeafPattern::match in docoptprivate.h when merging occurrence counters e.g., default LONGMAX + first user "-v/--verbose" can cause counter wrap negative/unbounded semantics and lead to logic/policy bypass in applications that rely on occurrence-based...
CVE-2021-31227
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...
EUVD-2022-55833
In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcpaddbacklog The type of skrcvbuf and sksndbuf in struct sock is int, and in tcpaddbacklog, the variable limit is caculated by adding skrcvbuf, sksndbuf and 64 1024, it may exceed the ma...
CVE-2022-50865
In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcpaddbacklog The type of skrcvbuf and sksndbuf in struct sock is int, and in tcpaddbacklog, the variable limit is caculated by adding skrcvbuf, sksndbuf and 64 1024, it may exceed the ma...
CVE-2022-50865
CVE-2022-50865 is a Linux kernel issue: tcp_add_backlog() could overflow an int when computing limit as the sum of sk_rcvbuf, sk_sndbuf, and 64KiB. The fix halves the sndbuf to reduce the limit budget (ACKs smaller than payload). Concrete references appear in multiple OS advisories (e.g., RHSA/EL...
CVE-2022-50865 tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcpaddbacklog The type of skrcvbuf and sksndbuf in struct sock is int, and in tcpaddbacklog, the variable limit is caculated by adding skrcvbuf, sksndbuf and 64 1024, it may exceed the ma...
CVE-2022-50865
In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcpaddbacklog The type of skrcvbuf and sksndbuf in struct sock is int, and in tcpaddbacklog, the variable limit is caculated by adding skrcvbuf, sksndbuf and 64 1024, it may exceed the ma...