17 matches found
CVE-2026-44663
OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer overflow when decoding a crafted...
OESA-2026-2411 glibc security update
The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...
CVE-2026-39886 OpenEXR has HTJ2K Signed Integer Overflow in ht_undo_impl()
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K High-Throughput JPEG 2000 decompression path. The htundoimp...
CVE-2026-5450
Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow...
CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow...
CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow...
PT-2026-33851
Name of the Vulnerable Software and Affected Versions glibc versions 2.7 through 2.43 Description Calling the scanf family of functions using a %mc malloc'd character match with a format width specifier that has an explicit width greater than 1024 can lead to a one byte heap buffer overflow...
CVE-2026-4985
A flaw was found in dloebl CGIF, a GIF image handler component. A remote attacker could exploit an integer overflow vulnerability by manipulating the width or height arguments when adding a frame. This could lead to a denial of service DoS, making the affected system or application unavailable...
CVE-2026-4985
A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgifaddframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier ...
SUSE CVE-2025-62171
ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating...
The vulnerabilities of Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, and Kaspersky Anti-Ransomware Tool are related to a full-width overflow vulnerability, which allows an attacker to write arbitrary data and cause service interruptions.
The vulnerabilities of Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows Standard, Plus, Premium, Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Securit...
CVE-2024-50177
CVE-2024-50177 concerns the Linux kernel amdgpu display driver (DML2.1). The issue is a UBSAN shift-out-of-bounds triggered when programming phantom pipes and cursor_width is explicitly set to 0, causing an overflow in 32-bit size calculations. The published fix adds a guard to validate cursor wi...
SUSE CVE-2007-4988
Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow...
FreeBSD : xen-kernel -- x86 shadow pagetables: address width overflow (d51ced72-4212-11e6-942d-bc5ff45d0f28)
The Xen Project reports : In the x86 shadow pagetable code, the guest frame number of a superpage mapping is stored in a 32-bit field. If a shadowed guest can cause a superpage mapping of a guest-physical address at or above 2^44 to be shadowed, the top bits of the address will be lost, causing a...
Fedora 24 : xen-4.6.1-6.fc24 (2016-48e72b7bc5)
x86 shadow pagetables: address width overflow XSA-173, CVE-2016-3960 Qemu: net: buffer overflow in stellarisenet emulator CVE-2016-4001 Qemu: net: buffer overflow in MIPSnet emulator CVE-2016-4002 qemu: Infinite loop vulnerability in usbehci using siTD process CVE-2016-4037 Note that Tenable...
Fedora 22 : xen-4.5.3-2.fc22 (2016-75063477ca)
x86 shadow pagetables: address width overflow XSA-173, CVE-2016-3960 Qemu: net: buffer overflow in stellarisenet emulator CVE-2016-4001 Qemu: net: buffer overflow in MIPSnet emulator CVE-2016-4002 qemu: Infinite loop vulnerability in usbehci using siTD process CVE-2016-4037 Note that Tenable...
Fedora 23 : xen-4.5.3-2.fc23 (2016-35d7b09908)
x86 shadow pagetables: address width overflow XSA-173, CVE-2016-3960 Qemu: net: buffer overflow in stellarisenet emulator CVE-2016-4001 Qemu: net: buffer overflow in MIPSnet emulator CVE-2016-4002 qemu: Infinite loop vulnerability in usbehci using siTD process CVE-2016-4037 Note that Tenable...