CVE-2026-33021

A flaw was found in libsixel, a SIXEL encoder/decoder implementation. An attacker who controls incoming frames can exploit a use-after-free vulnerability. This occurs because a caller-owned pixel buffer is prematurely freed during a resize operation, leaving a dangling pointer. This can lead to a...

Low: lz4

Issue Overview: No CVE associated with this advisory Affected Packages: lz4 Issue Correction: Run dnf update lz4 --releasever 2023.9.20251110 or dnf update --advisory ALAS2023-2025-1266 --releasever 2023.9.20251110 to update your system. More information on how to update your system can be found ...

Low: lz4

Issue Overview: No CVE associated with this advisory Affected Packages: lz4 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update lz4 or yum update --advisory...

Low: firefox

Issue Overview: No CVE associated with this advisory Affected Packages: firefox Issue Correction: Run dnf update firefox --releasever 2023.9.20251110 or dnf update --advisory ALAS2023-2025-1284 --releasever 2023.9.20251110 to update your system. More information on how to update your system can b...

TencentOS Server 4: lz4 (TSSA-2025:0847)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0847 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Linux Distros Unpatched Vulnerability : CVE-2025-62813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LZ4 through 1.10.0 allows attackers to cause a denial of service application crash or possibly have unspecified other impact when the application processes...

UBUNTU-CVE-2025-62813

LZ4 through 1.10.0 allows attackers to cause a denial of service application crash or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4FcreateCDictadvanced in lib/lz4frame.c mishandles NULL checks...

CVE-2025-62813

LZ4 through 1.10.0 allows attackers to cause a denial of service application crash or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4FcreateCDictadvanced in lib/lz4frame.c mishandles NULL checks...

CVE-2025-62813

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

EUVD-2025-35652

LZ4 through 1.10.0 allows attackers to cause a denial of service application crash or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4FcreateCDictadvanced in lib/lz4frame.c mishandles NULL checks...

CVE-2025-62813

CVE-2025-62813 corresponds to a vulnerability in LZ4 processing of untrusted frames (CVE-2025-62813) that can cause a denial of service or other unspecified impact. Connected advisories show affected packages across Linux distributions: LZ4 (versions less than 1.9.4-2 on Amazon Linux 2/ALAS2 and ...

CVE-2025-62813

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2025-62813

...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Pages held in frames are able to change the location of pages in unrelated frames on the parent page – Opera Security Advisories

Pages held in frames are able to change the location of pages in unrelated frames on the parent page – Opera Security Advisories OPCOM Team | June 11, 2008 Severity: Less Severe Problem Description: Pages from different sources held on the same parent page should not be able to modify the locatio...