CVE-2026-1489 Glib: glib: memory corruption via integer overflow in unicode case conversion
A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds write...
EUVD-2026-4826
A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds write...
CVE-2026-1489
A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds write...
CVE-2026-1489
GLib contains an integer overflow in its Unicode case conversion implementation that can cause memory corruption when processing specially crafted, extremely large Unicode strings, potentially triggering an undersized memory allocation and out-of-bounds writes, leading to application crashes or i...
Glib buffer error vulnerability
Glib is a generic, portable utility library for the GNOME project. It provides many useful data types, macros, type conversions, string utilities, file utilities, and abstraction for main loops. Glib has a buffer error vulnerability, which stems from integer overflows in the implementation of...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the real_tolower and output_marks functions. An attacker can cause memory corruption and potentially crash or destabilize applications by submitting specially crafted and extremely large Unicode strings. Remediatio...
UBUNTU-CVE-2026-0810
A flaw was found in gix-date. The gix_date::parse::TimeBuf::as_str function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the TimeBuf component, leading to undefined behavior when these malformed strings are subsequently processed...
GitOxide security vulnerabilities
GitOxide is a Git implementation written in Rust by Sebastian Thiel as a personal project. There is a security vulnerability in gix-date; this vulnerability stems from the as_str function potentially generating invalid non-UTF-8 strings, which may lead to unstable applications...
Updated harfbuzz packages fix security vulnerability
Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS. CVE-2026-22693...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004900)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004900 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read [1], for buffe...
CVE-2026-24001
CVE-2026-24001 concerns jsdiff, a JavaScript diff library. The description documents a denial-of-service vulnerability: if patch filenames contain line break characters (\r, \u2028, or \u2029), parsePatch can loop infinitely and exhaust memory, crashing the process. The issue affects versions pri...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-35823)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35823 advisory. - In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruptio...
USN-7972-1: OpenCC vulnerability
It was discovered that OpenCC incorrectly handled truncated UTF-8 input. An attacker could possibly use this issue to cause OpenCC to crash, resulting in a denial of service...
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS
TITLE: Race Condition in node-tar Path Reservations via Unicode Sharp-S (ß) Collisions on macOS APFS AUTHOR: Tomás Illuminati Details A race condition vulnerability exists in node-tar v7.5.3; this is due to an incomplete handling of Unicode path collisions in the path-reservations system. On...
EUVD-2026-3595
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS...
GHSA-R6Q2-HW4H-H46W Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS
TITLE: Race Condition in node-tar Path Reservations via Unicode Sharp-S (ß) Collisions on macOS APFS AUTHOR: Tomás Illuminati Details A race condition vulnerability exists in node-tar v7.5.3; this is due to an incomplete handling of Unicode path collisions in the path-reservations system. On...
CVE-2025-56353
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter...