SUSE CVE-2026-40917

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

Linux Distros Unpatched Vulnerability : CVE-2026-40917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An...

CVE-2026-40917

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

PT-2026-33128

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icns slurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that proces...

Azure Linux 3.0 Security Update: jq (CVE-2024-53427)

The version of jq installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53427 advisory. - decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric,...

CLSA-2025-1765478108 Fix CVE(s): CVE-2025-11839, CVE-2025-11840

SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 SECURITY UPDATE: fix SEGV in vfinfo -...

EUVD-2002-0904

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2024-53427

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflo...

Linux Distros Unpatched Vulnerability : CVE-2019-9073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocatio...

Malicious code in test-mlw2-ziffs-slurp (npm)

The package test-mlw2-ziffs-slurp was found to contain malicious code...

MAL-2025-36681 Malicious code in test-mlw2-ziffs-slurp (npm)

The package test-mlw2-ziffs-slurp was found to contain malicious code...

Important: jq

Issue Overview: decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has...

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

...

SUSE CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

AZL-57376 CVE-2024-53427 affecting package jq for versions less than 1.7.1-2

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

ALPINE-CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

DEBIAN-CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

CVE-2024-49749

In DGifSlurp of dgiflib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-1972

...

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

...