cpython: Stack overflow parsing XML with deeply nested DTD content models

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...

cpython: Stack overflow parsing XML with deeply nested DTD content models

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...

GHSA-JGGG-4JG4-V7C6 protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

Summary protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading. Impact An...

cpython: Stack overflow parsing XML with deeply nested DTD content models

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...

CLSA-2026-1779193855 ImageMagick: Fix of CVE-2026-42050

CVE-2026-42050: fix stack buffer overflow in XTileImage when loading malicious MIFF in display tool...

CVE-2026-8258

A flaw was found in Squirrel. A local attacker can exploit a vulnerability in the validateformat function, which processes string formats, by providing specially crafted input. This manipulation can cause a stack-based buffer overflow, potentially leading to a denial of service or the execution o...

CLSA-2026-1779190223 opensc: Fix of 5 CVEs

CVE-2023-5992: implement constant-time PKCS1 v1.5 depadding to prevent Bleichenbacher/Marvin-style timing attacks - CVE-2025-49010: fix stack buffer overflow write in iso7816 GET RESPONSE - CVE-2025-66037: fix out-of-bounds heap read in scpkcs15pubkeyfromspkifields - CVE-2025-66038: fix buffer...

Updated postgresql15 packages fix security vulnerabilities

PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege. CVE-2026-6472 PostgreSQL server undersizes allocations, via integer wraparound. CVE-2026-6473 PostgreSQL timeofday can disclose portions of server memory. CVE-2026-6474 PostgreSQL pgbasebackup and pgrewind can overwrite...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the fx operation. An attacker can cause a denial of service by supplying a specially crafted argument that triggers a stack overflow. Remediation A fix was pushed into the master branch but not yet published...

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Uncontrolled Recursion

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Uncontrolled Recursion

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Uncontrolled Recursion

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

ImageMagick: Stack overflow in fx operation

Due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument...

GHSA-RCR6-G7JC-F57G ImageMagick: Stack overflow in fx operation

Due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument...

CVE-2026-8836

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

CVE-2026-8836

Summary: lwIP up to 2.2.1 contains a vulnerability in the SNMPv3 USM handler. The issue is in the function snmp_parse_inbound_frame (file: src/apps/snmp/snmp_msg.c) where manipulating msgAuthenticationParameters can cause a stack-based buffer overflow. The attack is potentially remote. A patch is...

EUVD-2026-30793

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

CVE-2026-8836 lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

CVE-2026-8836

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...