21 matches found
DEBIAN-CVE-2026-32814
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns heif_error_Ok with no indication of failure, leading to an uninitialized...
Out-of-bounds Read
Overview: Magick.NET-Q16-HDRI-x64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002571)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002571 advisory. Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized...
NetSurf Security Vulnerability
NetSurf is a lightweight browser from the NetSurf organization. A security vulnerability exists in NetSurf version v3.11 that originates from reading uninitialized heap memory when creating a dom_event structure...
CVE-2025-45663
NetSurf v3.11 is affected by CVE-2025-45663 due to a vulnerability in dom_event structure creation that reads uninitialized heap memory. The Red Hat, Debian, Ubuntu, and OSV entries corroborate the issue in NetSurf 3.11; however, the provided documents do not specify a fix or patched version. The...
Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2025-1234)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1234 advisory. A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content...
ALPINE-CVE-2025-9640
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability...
EUVD-2017-2716
Malware in sbrugna...
CVE-2021-0891
An unprivileged app can trigger the PowerVR driver to return uninitialized heap memory, causing information disclosure. Product: Android. Versions: Android SoC. Android ID: A-236849490...
CVE-2021-3592
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input function and could occur while processing a UDP packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 byte...
SUSE: Security Advisory (SUSE-SU-2020:2240-1)
The remote host is missing an update for the...
CentOS 7 : xorg-x11-server (RHSA-2020:5408)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5408 advisory. - A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg...
Scientific Linux Security Update : xorg-x11-server on SL7.x i686/x86_64 (2020:5408)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2020:5408-1 advisory. - xorg-x11-server: Out-of-bounds access in XkbSetMap function (CVE-2020-14360) - xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow...
SUSE-SU-2020:2325-1 Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638,...
Design/Logic Flaw
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log...
CVE-2017-5550
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision...
CVE-2017-5550
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision...
Google Android - IOMX 'getConfig'/'getParameter' Information Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=711 Android: Information Disclosure in IOMX getConfig/getParameter Platform: Verified on google/razor/flo:6.0.1/MMB29O/2459718:user/release-keys Class: Information Disclosure Summary: The GET_CONFIG and GET_PARAMETER calls on IOMX ar...
Qemu RTL8139 Uninitialized Heap Memory Information Disclosure Vulnerability
QEMU is an open source emulator software. QEMU, which supports RTL8139 emulation, suffers from an information disclosure vulnerability when processing network messages in the C+ operating mode of the RTL8139 processor, which can be exploited by a client user to read uninitialized QEMU heap memory...
DEBIAN-CVE-2013-2237
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket...