SUSE CVE-2026-23333

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2026-23333 netfilter: nft_set_rbtree: validate open interval overlap

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: validate open interval overlap Upstream commit 648946966a08e4cb1a71619e3d1b12bd7642de7b Open intervals do not have an end element, in particular an open interval at the end of the set is hard to validate...

ImageMagick has Use After Free in MSLStartElement in "coders/msl.c"

A crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing...

GHSA-FWQW-2X5X-W566 ImageMagick has Use After Free in MSLStartElement in "coders/msl.c"

A crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing...

CVE-2026-25983

CVE-2026-25983 affects ImageMagick prior to 7.1.2-15 and 6.9.13-40. A crafted MSL script can trigger a heap-use-after-free in the MSLStartElement handling (coders/msl.c), where the operation element handler replaces and frees the image while parsing continues, causing a UAF in ReadBlobString. The...

CVE-2026-25983 ImageMagick has Use After Free in MSLStartElement in "coders/msl.c"

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it,...

CVE-2026-25983 ImageMagick has Use After Free in MSLStartElement in "coders/msl.c"

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it,...

JLSEC-2025-81 Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement(...

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

XML Injection

Overview Affected versions of this package are vulnerable to XML Injection via the contenthandler.startElement call with missing sanitization. An attacker can manipulate input data by crafting dictionary keys that inject arbitrary XML elements or break the structure of the generated XML document...

libxml2: crafted xml can cause global buffer overflow

A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...

libxml2: crafted xml can cause global buffer overflow

A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...

libxml2: crafted xml can cause global buffer overflow

A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...

SUSE CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

SUSE CVE-2017-13065

GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c...

SUSE CVE-2020-25713

A malformed input file can lead to a segfault due to an out of bounds array access in raptorxmlwriterstartelementcommon...

UBUNTU-CVE-2020-25713

A malformed input file can lead to a segfault due to an out of bounds array access in raptorxmlwriterstartelementcommon...

UBUNTU-CVE-2019-11005

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a quoted font family value...

DEBIAN-CVE-2019-9656

An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofxsgml.cpp, as demonstrated by ofxdump...

PT-2019-19780 · Libofx +3 · Libofx +3

Name of the Vulnerable Software and Affected Versions: LibOFX version 0.9.14 Description: An issue was discovered in LibOFX. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx sgml.cpp, as demonstrated by ofxdump. Recommendations: For LibOFX versi...

Google Android System Remote Code Execution Vulnerability (CNVD-2018-07446)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A remote code execution vulnerability exists in the SvoxSsmlParser and startElement of the svoxssmlparser.cpp file in Android. A remote attacker can exploit this vulnerability to...