33 matches found
EUVD-2026-21597
phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()...
CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...
CVE-2026-40194
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...
Advisory ROSA-SA-2026-3190
Software: libsndfile 1.0.28 OS: ROSA Virtualization 2.1 unaffected versions = libsndfile-1.0.28-16.0.2.rv3 affected versions libsndfile-1.0.28-16.0.2.rv3 CVE-ID: CVE-2017-14634 BDU-ID: 2021-03755 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the double64_init function of the libsndfile library is...
Advisory ROSA-SA-2026-3170
Software: libsndfile 1.0.28 OS: ROSA Virtualization 3.0 unaffected versions = libsndfile-1.0.28-16.0.2.rv30 affected versions libsndfile-1.0.28-16.0.2.rv30 CVE-ID: CVE-2017-14634 BDU-ID: 2021-03755 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the double64_init function of the libsndfile library ...
EUVD-2025-29549
Malicious code in bioql PyPI...
CVE-2025-56706
Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrtgetConfig function...
WHO security vulnerability
WHO is an online video community application. A security vulnerability exists in WHO versions 1.0.28, 1.0.30, and 1.0.32, which originates from a vulnerability that could allow an attacker to elevate privileges via the TTMultiProvider component...
SUSE CVE-2017-7586
In libsndfile before 1.0.28, an error in the "header_read" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file...
SUSE CVE-2017-8362
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file...
SUSE CVE-2018-19432
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service...
SUSE CVE-2018-19662
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service...
SUSE CVE-2018-19758
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service...
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure related to mishandling of the NAN and INFINITY floating-point values.
...
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
...
libsndfile: buffer over-read in the function i2alaw_array in alaw.c
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service...
DEBIAN-CVE-2018-19758
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service...
ALPINE-CVE-2018-19661
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service...
UBUNTU-CVE-2018-19662
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service...
libsndfile buffer out-of-bounds read vulnerability (CNVD-2019-00816)
libsndfile is a C library developed by software developer Erik de Castro Lopo that reads and writes audio files in AIFF, AU, and WAV formats through standard interfaces. A buffer out-of-bounds read vulnerability exists in the 'i2ulaw_array' function of the ulaw.c file in libsndfile version 1.0.28,...