Advisory ROSA-SA-2026-3302

Project: libid3tag 0.15.1b Operating System: ROSA-CHROME Unaffected versions: = libid3tag-0.15.1b-25 Affected versions: libid3tag-0.15.1b-25 CVE-ID: CVE-2004-2779 BDU-ID: None CVE-Crit: HIGH CVE-DESCRIPTION: A vulnerability exists in the id3utf16deserialize function in the utf16.c library of...

CVE-2026-31433

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in getfileallinfo for compound requests When a compound request consists of QUERYDIRECTORY + QUERYINFO FILEALLINFORMATION and the first command consumes nearly the entire maxtranssize, getfileallinfo woul...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from ksmbd’s handling of composite requests like QUERYDIRECTORY + QUERYINFOFILEALLINFORMATION. This...

CLSA-2026-1776416477 ImageMagick: Fix of CVE-2026-32636

CVE-2026-32636: fix out-of-bounds write in NewXMLTree/ConvertUTF16ToUTF8...

Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding

Summary Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when performing a bounds check. Specifically the number of code units were checked instead of the byte...

CVE-2026-34942 Wasmtime panics when transcoding misaligned utf-16 strings

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be...

PT-2026-31681

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be...

CVE-2026-1995

IDrive’s idservice.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the...

CVE-2026-1995

IDrive’s idservice.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the...

MiracleLinux 8 : gssntlmssp-1.2.0-1.el8.ML.1 (AXSA:2023-6149:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6149:01 advisory. gssntlmssp: multiple out-of-bounds read when decoding NTLM fields CVE-2023-25563 gssntlmssp: memory corruption when decoding UTF16 strings...

CVE-2025-61043

An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length of the input UTF-8 string, causing the function to read past the memory boundary. This...

EUVD-2005-4075

Malware in sbrugna...

EUVD-2007-6561

Malware in sbrugna...

AZL-67596 CVE-2025-39838 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. NULL is passed to cifssfumakenode without checks, which passes it unchecked to cifsstrnduptoutf16, which in turn passes ...

UBUNTU-CVE-2025-39838

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. NULL is passed to cifssfumakenode without checks, which passes it unchecked to cifsstrnduptoutf16, which in turn passes ...

CVE-2025-39838 cifs: prevent NULL pointer dereference in UTF16 conversion

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. NULL is passed to cifssfumakenode without checks, which passes it unchecked to cifsstrnduptoutf16, which in turn passes ...

CVE-2025-39838

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. NULL is passed to cifssfumakenode without checks, which passes it unchecked to cifsstrnduptoutf16, which in turn passes ...

In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Impact: * This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.

...

DEBIAN-CVE-2025-23165

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...

SUSE CVE-2025-23165

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...