19 matches found
JLSEC-2026-328
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
Unity Linux 20.1070e Security Update: zvbi (UTSA-2026-004965)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004965 advisory. A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the fil...
SUSE CVE-2025-39838
In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion. There can be a NULL pointer dereference bug here. NULL is passed to __cifs_sfu_make_node without checks, which passes it unchecked to cifs_strndup_to_utf16, which in turn passes ...
PT-2025-38545
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw where a NULL pointer dereference can occur during UTF16 conversion within the CIFS implementation. Specifically, a NULL pointer can be passed to the cifs...
Astra Linux – Vulnerability in zvbi
A vulnerability has been identified in libzvbi up to version 0.2.43. This vulnerability has been declared as a problem. The affected function is vbi_strndup_iconv_ucs2 in the file src/conv.c. Manipulating the src_length argument leads to integer overflow. This attack can be carried out remotely. The...
Astra Linux – Vulnerability in zvbi
A vulnerability was discovered in libzvbi up to version 0.2.43. It has been classified as a problematic issue. The affected function is vbi_strndup_iconv_ucs2 in the file src/conv.c. Manipulating the src_length argument leads to an uninitialized pointer. This vulnerability can be exploited remotely...
The vulnerability of the VBI libzvbi library’s capture and decoding function is related to a numerical overflow in the _vbi_strndup_iconv() function. This allows an attacker to cause a service failure.
The vulnerability of the VBI libzvbi library’s capture and decoding functions is related to a numerical overflow in the vbi_strndup_iconv function. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...
The vulnerability of the VBI libzvbi library’s capture and decoding function, related to a numerical overflow in the vbi_strndup_iconv_ucs2() function, allows attackers to trigger a service denial.
The vulnerability of the VBI libzvbi library’s capture and decoding function is related to a numerical overflow in the vbi_strndup_iconv_ucs2 function. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...
OESA-2025-1330 zvbi security update
The ZVBI library provides functions to read from Linux V4L, V4L2 and FreeBSD BKTR raw VBI capture devices, from Linux DVB devices and from a VBI proxy to share V4L and V4L2 VBI devices between multiple applications. It can demodulate raw to sliced VBI data in software, with support for a wide ran...
HDF5 H5MM_strndup function buffer overflow vulnerability
HDF5 is an open source library from HDF. HDF5 has a buffer overflow vulnerability that stems from the H5MM_strndup function failing to correctly validate the size of the input data. An attacker can use this vulnerability to cause a denial of service...
SUSE CVE-2025-2310
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
DEBIAN-CVE-2025-2310
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
SUSE CVE-2025-2175
A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to...
PT-2025-10701 · Libzvbi +5
Name of the Vulnerable Software and Affected Versions: libzvbi versions 0.2.43 and earlier Description: A problem has been found in the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to an integer overflow. This issue can be exploited...
SUSE CVE-2024-26954
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16. If ->NameOffset of smb2_create_req is smaller than Buffer offset of smb2_create_req, slab-out-of-bounds read can happen from smb2_open. This patch set the minimum value of the name...
UBUNTU-CVE-2024-26954
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16. If ->NameOffset of smb2_create_req is smaller than Buffer offset of smb2_create_req, slab-out-of-bounds read can happen from smb2_open. This patch set the minimum value of the name...
SUSE CVE-2011-4153
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrat...
php: zend_strndup() NULL pointer dereference may cause DoS
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrat...
CVE-2011-4153
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrat...