PT-2025-51923

Name of the Vulnerable Software and Affected Versions Capstone versions 6.0.0-Alpha5 and prior Description An unchecked return value from the vsnprintf function within SStream concat can lead to a stack buffer underflow or overflow. A malicious cs opt mem.vsnprintf input can cause SStream’s index...

CVE-2025-60671

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linuxvlanreinit file. The vulnerability occurs because content read from this file is only partially validated for a...

CVE-2025-60671

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linuxvlanreinit file. The vulnerability occurs because content read from this file is only partially validated for a...

CVE-2025-60671

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linuxvlanreinit file. The vulnerability occurs because content read from this file is only partially validated for a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987642)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987642 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usbread8 and friends When r8712usbctrlvendorreq returns...

EUVD-2021-23001

Malware in sbrugna...

EUVD-2001-0833

Malware in sbrugna...

EUVD-2025-25563

Malicious code in bioql PyPI...

Stack-based Buffer Overflow

ImageMagick is vulnerable to stack-based buffer overflow. The vulnerability is due to improper pointer arithmetic when multiple consecutive %d format specifiers are used in the magick mogrify command filename template, which allows an attacker to trigger a stack overflow through vsnprintf...

of: module: prevent NULL pointer dereference in vsnprintf()

...

Linux Distros Unpatched Vulnerability : CVE-2025-38639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xtnfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 b...

ImageMagick has a Stack Buffer Overflow in image.c

Hi, we have found a stack buffer overflow and would like to report this issue. Could you confirm if this qualifies as a security vulnerability? I am happy to provide any additional information needed. Summary In ImageMagick's magick mogrify command, specifying multiple consecutive %d format...

CVE-2025-38639

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtnfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 .. string+0x231/0x2b0 lib/vsprintf.c:721...

CVE-2025-38639

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtnfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 .. string+0x231/0x2b0 lib/vsprintf.c:721...

CVE-2025-38639

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtnfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 .. string+0x231/0x2b0 lib/vsprintf.c:721...

CVE-2025-38639

CVE-2025-38639 is a Linux kernel vulnerability in netfilter xt_nfacct where the acct name is assumed to be null-terminated, enabling a slab-out-of-bounds read via KASAN in lib/vsprintf.c and related paths (nfacct_mt_checkentry/xt_check_match). The cited advisories indicate a local attacker could ...

CLSA-2025-1755114348 orc: Fix of CVE-2024-40897

CVE-2024-40897: use vasprintf if available for error messages and otherwise vsnprintf to allocate as much memory as required and avoid buffer overflow...

UBUNTU-CVE-2024-57917

In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values 15 and 11 from vsnprintf"%pbl ", ... test:keyward is WARNING in kvasprintf WARNING: CPU:...

CVE-2024-49934 fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name

In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dumpmapping accessing invalid dentry.dname.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------ cut here...

SUSE CVE-2024-35878

In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf In ofmodalias, we can get passed the str and len parameters which would cause a kernel oops in vsnprintf since it only allows passing a NULL ptr when the length is also 0...