
12 matches found

Cvelist
added 2026/04/13 9:43 p.m. · 13 views

CVE-2026-40312 ImageMagick: Off-by-One in MSL decoder could result in crash

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off-by-one error in the MSL decoder could result in a crash when a malicious MSL file is read. This issue has been fixed in version 7.1.2-19...

CVSS 6.2 · EPSS 0.00005
Exploits 0 · References 4
RedHat Linux
added 2025/05/13 7:14 p.m. · 4 views

xz: XZ has a heap-use-after-free bug in threaded .xz decoder

A flaw was found in the XZ Utils library. In affected versions, the multithreaded .xz decoder in liblzma has a bug where invalid input can trigger a heap use-after-free condition, allowing writes to an address based on the null pointer plus an offset. This issue may result in a crash or other...

CVSS 8.7 · AI score 5.8 · EPSS 0.00041
Exploits 0 · References 7
Cvelist
added 2025/04/03 4:57 p.m. · 34 views

CVE-2025-31115 XZ has a heap-use-after-free bug in threaded .xz decoder

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

CVSS 8.7 · EPSS 0.00041
Exploits 0 · References 3
Snyk
added 2025/04/02 9:0 p.m. · 2 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free when processing multiple threads in the worker_decoder function in stream_decoder_mt.c. An attacker can cause the input buffer to be freed while a worker-specific thread is still writing to it, triggering a crash. Note: The...

CVSS 8.7 · AI score 7.7 · EPSS 0.00041
Exploits 0 · References 2
Positive Technologies
added 2024/11/17 12:0 a.m. · 1 views

PT-2024-40631 · Git +1 · Flac

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 4 crash has been reported. The crash involves the process page , FLAC ogg decoder aspect skip link, and FLAC stream decoder...

AI score 7
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 5:25 a.m. · 3 views

SUSE CVE-2014-9028

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

CVSS 7.5 · AI score 8.3 · EPSS 0.25739
Exploits 0 · References 6
OSV
added 2018/04/25 9:29 p.m. · 1 views

UBUNTU-CVE-2017-6888

An error in the "read_metadata_vorbiscomment_" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file...

CVSS 5.5 · AI score 5.9 · EPSS 0.0029
Exploits 0 · References 5
OSV
added 2014/12/05 12:0 a.m. · 22 views

DLA-99-1 flac - security update

Bulletin has no description...

CVSS 7.5 · AI score 6 · EPSS 0.25739
Exploits 0
NVD
added 2014/11/26 3:59 p.m. · 17 views

CVE-2014-9028

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

CVSS 7.5 · AI score 7.7 · EPSS 0.25739
Exploits 0 · References 13
OSV
added 2014/11/26 3:59 p.m. · 1 views

DEBIAN-CVE-2014-8962

Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

CVSS 7.5 · AI score 7.9 · EPSS 0.14653
Exploits 0 · References 1
OSV
added 2014/11/26 12:0 a.m. · 2 views

UBUNTU-CVE-2014-9028

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

CVSS 7.5 · AI score 6.4 · EPSS 0.25739
Exploits 0 · References 3
OSV
added 2014/11/26 12:0 a.m. · 0 views

UBUNTU-CVE-2014-8962

Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

CVSS 7.5 · AI score 6.4 · EPSS 0.14653
Exploits 0 · References 5