SUSE CVE-2026-40917

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

Linux Distros Unpatched Vulnerability : CVE-2026-40917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An...

CVE-2026-40917

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

PT-2026-33128

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icns slurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that proces...

Azure Linux 3.0 Security Update: jq (CVE-2024-53427)

The version of jq installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53427 advisory. - decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric,...

CLSA-2025-1765478108 Fix CVE(s): CVE-2025-11839, CVE-2025-11840

SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 SECURITY UPDATE: fix SEGV in vfinfo -...

EUVD-2002-0904

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2024-53427

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflo...

Linux Distros Unpatched Vulnerability : CVE-2019-9073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocatio...

Malicious code in test-mlw2-ziffs-slurp (npm)

The package test-mlw2-ziffs-slurp was found to contain malicious code...

MAL-2025-36681 Malicious code in test-mlw2-ziffs-slurp (npm)

The package test-mlw2-ziffs-slurp was found to contain malicious code...

Important: jq

Issue Overview: decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has...

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

...

SUSE CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

AZL-57376 CVE-2024-53427 affecting package jq for versions less than 1.7.1-2

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

DEBIAN-CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

ALPINE-CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

CVE-2024-49749

In DGifSlurp of dgiflib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c.

...

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

...