UBUNTU-CVE-2025-68114

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a malicious csoptmem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit...

CVE-2025-68114

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a malicious csoptmem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit...

Buffer Underflow

Overview Affected versions of this package are vulnerable to Buffer Underflow in the SStreamconcat function due to improper handling of the return value from csvsnprintf. An attacker can cause a stack buffer underflow or overflow by supplying a crafted csoptmem.vsnprintf implementation that...

EUVD-2025-203995

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a malicious csoptmem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit...

PT-2025-51923

Name of the Vulnerable Software and Affected Versions Capstone versions 6.0.0-Alpha5 and prior Description An unchecked return value from the vsnprintf function within SStream concat can lead to a stack buffer underflow or overflow. A malicious cs opt mem.vsnprintf input can cause SStream’s index...

CVE-2025-60671

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linuxvlanreinit file. The vulnerability occurs because content read from this file is only partially validated for a...

CVE-2025-60671

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linuxvlanreinit file. The vulnerability occurs because content read from this file is only partially validated for a...

CVE-2025-60671

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linuxvlanreinit file. The vulnerability occurs because content read from this file is only partially validated for a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987642)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987642 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usbread8 and friends When r8712usbctrlvendorreq returns...

EUVD-2021-23001

Malware in sbrugna...

EUVD-2001-0833

Malware in sbrugna...

EUVD-2025-25563

Malicious code in bioql PyPI...

Stack-based Buffer Overflow

ImageMagick is vulnerable to stack-based buffer overflow. The vulnerability is due to improper pointer arithmetic when multiple consecutive %d format specifiers are used in the magick mogrify command filename template, which allows an attacker to trigger a stack overflow through vsnprintf...

of: module: prevent NULL pointer dereference in vsnprintf()

...

Linux Distros Unpatched Vulnerability : CVE-2025-38639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xtnfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 b...

ImageMagick has a Stack Buffer Overflow in image.c

Hi, we have found a stack buffer overflow and would like to report this issue. Could you confirm if this qualifies as a security vulnerability? I am happy to provide any additional information needed. Summary In ImageMagick's magick mogrify command, specifying multiple consecutive %d format...

CVE-2025-38639

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtnfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 .. string+0x231/0x2b0 lib/vsprintf.c:721...

CVE-2025-38639

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtnfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 .. string+0x231/0x2b0 lib/vsprintf.c:721...

CVE-2025-38639

CVE-2025-38639 is a Linux kernel vulnerability in netfilter xt_nfacct where the acct name is assumed to be null-terminated, enabling a slab-out-of-bounds read via KASAN in lib/vsprintf.c and related paths (nfacct_mt_checkentry/xt_check_match). The cited advisories indicate a local attacker could ...

CVE-2025-38639

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtnfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 .. string+0x231/0x2b0 lib/vsprintf.c:721...