EUVD-2022-55347

Malicious code in bioql PyPI...

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.

...

CVE-2025-43718

Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...

In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.

...

SUSE CVE-2022-50078

In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs While playing with event probes eprobes, I tried to see what would happen if I attempted to retrieve the instruction pointer %rip knowing that event probes do not...

DEBIAN-CVE-2022-50078

In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs While playing with event probes eprobes, I tried to see what would happen if I attempted to retrieve the instruction pointer %rip knowing that event probes do not...

UBUNTU-CVE-2022-50078

In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs While playing with event probes eprobes, I tried to see what would happen if I attempted to retrieve the instruction pointer %rip knowing that event probes do not...

SUSE-SU-2025:20310-1 Security update for freetype2

This update for freetype2 fixes the following issues: Update to 2.13.2: Some fields in the FTOutline structure have been changed from signed to unsigned type, which better reflects the actual usage. It is also an additional means to protect against malformed input. Rare double-free crashes in the...

UBUNTU-CVE-2023-53065

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perfoutputbegin parameter is incorrectly invoked in perfeventbpfoutput syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dumpstack+0x9c/0xd3...

CVE-2023-53065

CVE-2023-53065 is a Linux kernel vulnerability in perf/core where perf_output_begin was invoked with an incorrect parameter in perf_event_bpf_output. Syzkaller reported a KASAN stack-out-of-bounds issue, traced through __perf_event_header__init_id, causing memory overwrites. The root cause is the...

SUSE-SU-2025:20204-1 Security update for freetype2

This update for freetype2 fixes the following issues: Update to 2.13.2: Some fields in the FTOutline structure have been changed from signed to unsigned type, which better reflects the actual usage. It is also an additional means to protect against malformed input. Rare double-free crashes in the...

PT-2026-2863

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the scs magic function within the shadow call stack SCS implementation. The function requires a 'void ' variable but receives a 'struct task...

kernel: ipvlan: add ipvlan_route_v6_outbound() helper

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

kernel: ipvlan: add ipvlan_route_v6_outbound() helper

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

DEBIAN-CVE-2023-52796

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

CVE-2023-52796

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

kernel: fs: dlm: fix invalid derefence of sb_lvbptr

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr I experience issues when putting a lkbsb on the stack and have sblvbptr field to a dangled pointer while not using DLMLKFVALBLK. It will crash with the following kernel message, the...

AZL-11365 CVE-2020-12825 affecting package libcroco 0.6.13-6

libcroco through 0.6.13 has excessive recursion in crparserparseanycore in cr-parser.c, leading to stack consumption...

PT-2020-8876 · Re2C +3 · Re2C +3

Name of the Vulnerable Software and Affected Versions: re2c versions prior to 2.0 Description: The issue is related to uncontrolled recursion, which causes stack consumption in the find fixed tags function. This can lead to potential system instability. Recommendations: For versions prior to 2.0,...

DEBIAN-CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svgrunusesymbol, svgrunelement, and svgrunuse, as demonstrated by mutool...