495 matches found
CVE-2026-43166 erofs: fix interlaced plain identification for encoded extents
In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block size should be classified as interlaced plain extents. Otherwise, it mu...
Double-free in `Chomp::inner()`
Chomp::inner uses std::ptr::readunaligned to move out the value from a raw pointer. If the original value is an owned type e.g. Box, calling inner moves out the ownership, but the original variable will still be dropped at the end of its scope. This causes the same heap memory to be freed twice,...
RUSTSEC-2026-0131 Double-free in `Chomp::inner()`
Chomp::inner uses std::ptr::readunaligned to move out the value from a raw pointer. If the original value is an owned type e.g. Box, calling inner moves out the ownership, but the original variable will still be dropped at the end of its scope. This causes the same heap memory to be freed twice,...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unaligned DMA cache for long HMAC key memory allocations in the caam driver, which could lead to hash key...
Possible unaligned data access for implementations of `SqliteAggregate`
Diesel allows to register custom aggregate SQL functions for SQLite via the SqliteAggregate interface. To store an instance of the custom aggregate processor Diesel relied on the sqlite3aggregatecontext function provided by sqlite. This function doesn't provide any guarantees about alignment of t...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013499)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013499 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix loadunalignedzeropad reg indices In exhandlerloadunalignedzeropad we...
Unity Linux 20.1050a / 20.1060a Security Update: kernel (UTSA-2026-013389)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013389 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsimodesense buffer length handling Several problems exist with scsimodesense...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013396)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013396 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsimodesense buffer length handling Several problems exist with scsimodesense...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010679)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010679 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix loadunalignedzeropad reg indices In exhandlerloadunalignedzeropad we...
EUVD-2026-20990
Wasmtime: Panic when transcoding misaligned utf-16 strings...
CVE-2026-34942
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be...
CVE-2026-34942
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be...
Linux Distros Unpatched Vulnerability : CVE-2026-34942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's...
SUSE CVE-2026-34379
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...
DEBIAN-CVE-2026-34379
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...
CVE-2026-34379 OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression)
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...
CVE-2026-34379
CVE-2026-34379 affects OpenEXR across 3.2.x, 3.3.x, and 3.4.x: a misaligned memory write in LossyDctDecoder_execute() for FLOAT channels during in-place HALF→FLOAT conversion. The decoder casts an unaligned uint8_t* row pointer to float* and writes, causing undefined behavior and potential crash ...
Linux Distros Unpatched Vulnerability : CVE-2026-34379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to...
iccDEV 安全漏洞
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities. These vulnerabilities stemmed from unaligned member access during the processing of custom ICC configuration files,...
Ubuntu 20.04 LTS : sized-chunks vulnerabilities (USN-8118-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8118-1 advisory. Yechan Bae discovered that sized-chunks did not properly validate array size when constructing Chunk. An attacker could possibly use these issues to caus...