184 matches found
EUVD-2026-38386
MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths...
CVE-2026-49271 libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder
libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...
CVE-2026-49271
CVE-2026-49271 affects libheif prior to 1.22.1. The uncompressed HEIF decoder validates icef compressed-unit offsets with unit_offset + unit_size, which can wrap and allow constructing iterators outside the compressed item buffer, causing an out-of-bounds heap read and crash. This vulnerability i...
CVE-2026-49271
libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Net::CIDR::Lite vulnerabilities (USN-8406-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8406-1 advisory. Dave Rolsky discovered that Net::CIDR::Lite did not properly handle extraneous zero...
LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file
A flaw was found in LibRaw. A remote attacker could exploit an integer overflow vulnerability by providing a specially crafted malicious file. This flaw, located in the uncompressedfpdngloadraw functionality, leads to a heap buffer overflow. Successful exploitation may result in arbitrary code...
LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file
A flaw was found in LibRaw. A remote attacker could exploit an integer overflow vulnerability by providing a specially crafted malicious file. This flaw, located in the uncompressedfpdngloadraw functionality, leads to a heap buffer overflow. Successful exploitation may result in arbitrary code...
Amazon Linux 2023 : perl-Net-CIDR-Lite (ALAS2023-2026-1624)
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1624 advisory. Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exact...
LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file
A flaw was found in LibRaw. A remote attacker could exploit an integer overflow vulnerability by providing a specially crafted malicious file. This flaw, located in the uncompressedfpdngloadraw functionality, leads to a heap buffer overflow. Successful exploitation may result in arbitrary code...
Fedora 44 : perl-Net-CIDR-Lite (2026-fe487aa625)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fe487aa625 advisory. This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses: Fix IPv4 mapped IPv6 packed length CVE-2026-4019...
Fedora 42 : perl-Net-CIDR-Lite (2026-4b112416d8)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4b112416d8 advisory. This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses: Fix IPv4 mapped IPv6 packed length CVE-2026-4019...
openSUSE 16 Security Update : libraw (openSUSE-SU-2026:20574-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20574-1 advisory. - CVE-2026-5342: crafted TIFF/NEF file can cause an out-of-bounds read bsc1261499. - CVE-2026-20884: integer overflow vulnerability in the...
OPENSUSE-SU-2026:20574-1 Security update for libraw
This update for libraw fixes the following issues: - CVE-2026-5342: crafted TIFF/NEF file can cause an out-of-bounds read bsc1261499. - CVE-2026-20884: integer overflow vulnerability in the deflatedngloadraw bsc1261671. - CVE-2026-20889: heap-based buffer overflow vulnerability in the...
SUSE CVE-2026-40198
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...
CVE-2026-5439
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value,...
CVE-2026-40198
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...
EUVD-2026-21609
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...
CVE-2026-40198
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...
CVE-2026-40198
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...
CVE-2026-40198
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...