USN-8428-1 tmux vulnerability

It was discovered that tmux incorrectly handled image cleanup, leading to a use-after-free vulnerability. A local attacker could possibly use this issue to cause tmux to crash, resulting in a denial of service...

USN-8428-1: tmux vulnerability

It was discovered that tmux incorrectly handled image cleanup, leading to a use-after-free vulnerability. A local attacker could possibly use this issue to cause tmux to crash, resulting in a denial of service...

tmux-3.6b-2.1 on GA media (moderate)

tmux-3.6b-2.1 on GA media Announcement ID: openSUSE-SU-2026:11006-1 Rating: moderate Cross-References: CVE-2026-11623 CVSS scores: CVE-2026-11623 SUSE : 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2026-11623 SUSE : 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N...

CVE-2026-11623

A flaw was found in tmux. A local attacker could exploit a use-after-free vulnerability in the imagefree function, potentially leading to information disclosure or denial of service. Exploitation of this flaw is considered difficult due to its high complexity...

OPENSUSE-SU-2026:11006-1 tmux-3.6b-2.1 on GA media

These are all security issues fixed in the tmux-3.6b-2.1 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2026-11623

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

CVE-2026-11623

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

UBUNTU-CVE-2026-11623

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

CVE-2026-11623

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

CVE-2026-11623 tmux image.c image_free use after free

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

CVE-2026-11623 tmux image.c image_free use after free

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

CVE-2026-11623

CVE-2026-11623 affects tmux up to 3.6a. The vulnerability lies in the image_free function in image.c, resulting in a use‑after‑free. Exploitation requires local access and is described as high complexity, with public disclosure of exploits. A fix is available in tmux 3.7-rc; patch hash fc6d94a9f8...

PT-2026-47640

Name of the Vulnerable Software and Affected Versions tmux versions prior to 3.7-rc Description A use after free issue exists in the image free function within the image.c file. This flaw requires local access to exploit and is characterized by high complexity and difficult exploitability...

tmux 缓冲区错误漏洞

tmux is an open-source terminal multiplexer developed by tmux. Versions of tmux 3.6a and earlier contained a buffer error vulnerability. This vulnerability stemmed from the imagefree function in image.c, which allowed reusing memory after it had been freed, potentially leading to local attacks...

Linux Distros Unpatched Vulnerability : CVE-2026-11623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free...

CVE-2026-47270

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb is a PAM module loaded into the host process sudo, login, GDM, GNOME Shell. Display managers such as GDM run multiple concurrent authentication threads. Three functions used by the denyremote...

CVE-2026-44713

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...

CVE-2026-44713

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...

EUVD-2026-32657

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...

CVE-2026-44713

Pam_usb vulnerability: in versions prior to 0.8.7, src/tmux.c reads the TMUX environment variable, splits on commas, and interpolates the socket-path directly into a shell command passed to popen(), placing the value inside double quotes without sanitisation. This allows an attacker-controlled va...