5376 matches found

Vulnrichment
added 2026/01/06 7:7 p.m., 4 views

CVE-2026-21491 iccDEV has unicode buffer overflow in CIccTagTextDescription

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It...

CVSS 6.1 | AI score 6.9 | EPSS 0.00185
Exploits: 1 | References: 4

OSV
added 2026/01/06 7:7 p.m., 4 views

CVE-2026-21491 iccDEV has unicode buffer overflow in CIccTagTextDescription

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It...

CVSS 6.1 | AI score 7 | EPSS 0.00185
Exploits: 1 | References: 6

OSV
added 2026/01/06 11:54 a.m., 5 views

CLSA-2026-1767700458 python3: Fix of CVE-2025-4516

CVE-2025-4516: use-after-free in unicode-escape decoder with custom error handlers...

CVSS 5.9 | AI score 6.4 | EPSS 0.00169
Exploits: 0 | References: 1

OSV
added 2026/01/06 11:47 a.m., 6 views

CLSA-2026-1767700070 python3: Fix of CVE-2025-4516

CVE-2025-4516: use-after-free in unicode-escape decoder with custom error handlers...

CVSS 5.9 | AI score 6.4 | EPSS 0.00169
Exploits: 0 | References: 1

CNNVD
added 2026/01/06 12:0 a.m., 4 views

iccDEV Security Vulnerability

iccDEV is an open source color configuration code library from the International Color Consortium ICC. A security vulnerability exists in versions prior to iccDEV 2.3.1.2 that stems from a Unicode buffer overflow in CIccTagTextDescription, which could lead to a buffer overflow attack...

CVSS 7.1 | AI score 7.1 | EPSS 0.00185
Exploits: 1 | References: 5

OSV
added 2026/01/05 11:16 p.m., 3 views

CVE-2025-69225 AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

CVSS 6.9 | AI score 6.6 | EPSS 0.00236
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/05 11:16 p.m., 4 views

CVE-2025-69225 AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

CVSS 6.9 | AI score 6.3 | EPSS 0.00236
Exploits: 0 | References: 2

EUVD
added 2026/01/05 11:9 p.m., 2 views

EUVD-2026-1047

AIOHTTP has unicode match groups in regexes for ASCII protocol elements...

CVSS 6.9 | AI score 6.2 | EPSS 0.00236
Exploits: 0 | References: 4

Github Security Blog
added 2026/01/05 11:9 p.m., 8 views

AIOHTTP has unicode match groups in regexes for ASCII protocol elements

Summary: The parser allows non-ASCII decimals to be present in the Range header. Impact: There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. Patch:...

CVSS 6.9 | AI score 6.9 | EPSS 0.00236
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/01/05 11:9 p.m., 0 views

GHSA-MQQC-3GQH-H2X8 AIOHTTP has unicode match groups in regexes for ASCII protocol elements

Summary: The parser allows non-ASCII decimals to be present in the Range header. Impact: There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. Patch:...

CVSS 6.9 | AI score 7 | EPSS 0.00236
Exploits: 0 | References: 4

Snyk
added 2026/01/05 10:58 p.m., 4 views

HTTP Request Smuggling

Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling via the unicode processing of HTTP header values. An attacker can bypass firewall or proxy protections by sending requests containing non-ASCII characters. Note: This is only exploitable if C extensions are not in...

CVSS 6.5 | AI score 6.9 | EPSS 0.00213
Exploits: 0 | References: 2

EUVD
added 2026/01/05 10:58 p.m., 3 views

EUVD-2026-1048

AIOHTTP's unicode processing of header values could cause parsing discrepancies...

CVSS 6.3 | AI score 6.1 | EPSS 0.00213
Exploits: 0 | References: 4

Github Security Blog
added 2026/01/05 10:58 p.m., 7 views

AIOHTTP's unicode processing of header values could cause parsing discrepancies

Summary: The Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. Impact: If a pure Python version of aiohttp is installed, i.e. without the usual C extensions, or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling...

CVSS 6.5 | AI score 7.2 | EPSS 0.00213
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/01/05 10:58 p.m., 1 views

GHSA-69F9-5GXW-WVC2 AIOHTTP's unicode processing of header values could cause parsing discrepancies

Summary: The Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. Impact: If a pure Python version of aiohttp is installed, i.e. without the usual C extensions, or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling...

CVSS 6.9 | AI score 7.1 | EPSS 0.00213
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/05 10:35 p.m., 2 views

CVE-2025-69224 AIOHTTP's Unicode processing of header values could cause parsing discrepancies

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...

CVSS 6.3 | AI score 6.6 | EPSS 0.00213
Exploits: 0 | References: 2

CVE
added 2026/01/05 10:35 p.m., 22 views

CVE-2025-69224

AIOHTTP (Python) vulnerability CVE-2025-69224 affects versions 3.13.2 and below of the Python HTTP parser. The issue arises from how non-ASCII characters may enable a request smuggling attack, potentially bypassing firewalls or proxy protections when a pure-Python build is used or AIOHTTP_NO_EXTE...

CVSS 6.5 | AI score 6.6 | EPSS 0.00213
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/05 10:35 p.m., 23 views

CVE-2025-69224 AIOHTTP's Unicode processing of header values could cause parsing discrepancies

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...

CVSS 6.3 | EPSS 0.00213
Exploits: 0 | References: 2

OSV
added 2026/01/05 10:35 p.m., 5 views

CVE-2025-69224 AIOHTTP's Unicode processing of header values could cause parsing discrepancies

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...

CVSS 6.3 | AI score 6.9 | EPSS 0.00213
Exploits: 0 | References: 4

Github Security Blog
added 2026/01/05 7:43 p.m., 8 views

gix-date can create non-utf8 string with `TimeBuf::as_str`

The function gix_date::parse::TimeBuf::as_str can create an illegal string containing non-utf8 characters. This violates the safety invariant of TimeBuf and can lead to undefined behavior when consuming the string. The bug can be prevented by adding str::from_utf8 to the function TimeBuf::write...

CVSS 7.1 | AI score 7.3 | EPSS 0.00193
Exploits: 1 | References: 8 | Affected Software: 1

Slackware Linux
added 2026/01/01 10:3 p.m., 6 views

[slackware-security] libpcap

New libpcap packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libpcap-1.10.6-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: Fix OOBR and OOBW in pcap_ether_aton. Fix a b...

CVSS 1.9 | AI score 6.6 | EPSS 0.00102
Exploits: 0