14 matches found
GHSA-3V45-F3VH-WG7M Oj: Stack Buffer Overflow in Oj.dump via Large Indent
Summary Oj.dump is vulnerable to a stack-based buffer overflow when a large :indent value is provided by the developer. fillindent in dump.h calls memsetindentstr, ' ', sizetopts-indent without validating the size. When opts-indent is set to INTMAX 2,147,483,647, the sizet cast preserves the larg...
Astra Linux – Vulnerability in imagemagick
The function WritePALMImage in /coders/palm.c uses sizet type conversions in several parts of the calculation. This could lead to values that are outside the range of the representable type unsigned long, resulting in undefined behavior when a malicious input file is processed by ImageMagick...
CVE-2026-40250
OpenEXR CVE-2026-40250 affects multiple release series (3.4.0–3.4.9, 3.3.0–3.3.9, 3.2.0–3.2.7) where internal_dwa_compressor.h:1040 computes chan->width * chan->bytes_per_element using int32 arithmetic without a size_t cast, enabling an integer overflow in the DWA decoder outBufferEnd point...
ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder
A crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypass the guard and reach an undefined sizet cast...
CVE-2026-25989
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypass the guard and reach an undefined sizet cast...
EUVD-2025-34779
An integer overflow vulnerability exists in the QuickJS regular expression engine libregexp due to an inconsistent representation of the bytecode buffer size. The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\textsize\textt$ an unsigned type, typically...
CVE-2025-62495
An integer overflow vulnerability exists in the QuickJS regular expression engine libregexp due to an inconsistent representation of the bytecode buffer size. The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\textsize\textt$ an unsigned type, typically...
EUVD-2020-20268
Malware in sbrugna...
SUSE CVE-2025-39793
In the Linux kernel, the following vulnerability has been resolved: iouring/memmap: cast nrpages to sizet before shifting If the allocated size exceeds UINTMAX, then it's necessary to cast the mr-nrpages value to sizet to prevent it from overflowing. In practice this isn't much of a concern as th...
DEBIAN-CVE-2025-39793
In the Linux kernel, the following vulnerability has been resolved: iouring/memmap: cast nrpages to sizet before shifting If the allocated size exceeds UINTMAX, then it's necessary to cast the mr-nrpages value to sizet to prevent it from overflowing. In practice this isn't much of a concern as th...
CVE-2025-39793
Summary (CVE-2025-39793): In the Linux kernel io_uring/memmap path, the vulnerability arises when allocating memory where nr_pages may overflow during a shift if the size exceeds UINT_MAX. The root cause is failure to cast mr->nr_pages to size_t before shifting, which could allow overflow and ...
PT-2025-37327
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue in the io uring/memmap component where the nr pages value is not cast to size t before shifting, potentially leading to an overflow if the allocated...
Astra Linux – Vulnerability in imagemagick
A vulnerability was discovered in ImageMagick. This security flaw manifests as undefined behaviors when using double to type as sizet in svg, mvg, and other code segments reoccurring bugs of CVE-2022-32546...
CLSA-2023-1689258261 Fix CVE(s): CVE-2022-32546, CVE-2023-34151
SECURITY UPDATE: undefined behaviors of casting double to sizet in svg, mvg and other coders recurring bugs of CVE-2022-32546 - debian/patches/CVE-2023-34151.patch: properly cast double to sizet - CVE-2023-34151...