254 matches found
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: xfs: Eliminate attribute leaf freemap entries when empty Back in commit 2a2b5932db6758 “xfs: fix attribute leaf header freemap.size underflow”, Brian Foster observed that it’s possible for a small freemap at the end of the xattr...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: preventing dereferencing of ZEROSIZEPTR when numifs is zero The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc, with ethsw-swattr.numifs as the element count. When the device reports zero...
Astra Linux – Vulnerability in libexif
LibExif through version 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function receives a 0 size as input, the passed-in buffer will be overwritten due to an integer underflow...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid updating zero-sized extents in the extent cache. As reported by syzbot: F2FS-fs loop0: updateextenttreerange: extent length is zero, type: 0, extent 0, 0, 0, age 0, 0. ------------ Cut here ------------ Kerne...
Linux Distros Unpatched Vulnerability : CVE-2025-71319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a...
PT-2026-50877
Name of the Vulnerable Software and Affected Versions Microsoft HEIF Image Extensions version 1.2.22.0 Description An out-of-bounds read occurs because the CHEIFItemInfoEntry GetDataSize function can return a success status while leaving the reported data size at 0. This leads a caller to perform...
CVE-2025-71329
A flaw was found in image-size. A remote attacker can exploit this vulnerability by providing a specially crafted image buffer that contains a zero-valued size field within a recognized box-type. This malicious input can trigger an infinite loop in the JXL or HEIF image parsers, leading to a...
SUSE CVE-2025-71329
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the extractPartialStreams and corresponding extraction functions for HEIF, JP2, and JXL. An attacker supplying an image whose requested box declares a size of zero can hang the parser indefinitely. Note: This is a bypas...
CVE-2025-71329
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...
EUVD-2025-210106
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...
CVE-2025-71329
The CVE-2025-71329 vulnerability affects image-size up to version 2.0.2 and is triggered by a crafted image buffer containing a zero-valued size field in a recognized box-type, causing an infinite loop in the JXL or HEIF parsers and permanently blocking the Node.js event loop (DoS). Impact is den...
PT-2026-48403
Name of the Vulnerable Software and Affected Versions image-size versions prior to 2.0.3 Description A denial of service issue exists where remote attackers can permanently block the Node.js event loop. By supplying a specially crafted image buffer containing a box-type with a zero-valued size...
SUSE CVE-2026-46276
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev-gds.gdssize, adev-gds.gwssize, and adev-gds.oasi...
image-size 资源管理错误漏洞
image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size from 1.1.0 to 1.2.1 and from 2.0.0 to 2.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the findBox function, which had a denial-of-service vulnerability when processin...
CVE-2026-46276
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev-gds.gdssize, adev-gds.gwssize, and adev-gds.oasi...
UBUNTU-CVE-2026-46276
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev-gds.gdssize, adev-gds.gwssize, and adev-gds.oasi...
CVE-2026-46276
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev-gds.gdssize, adev-gds.gwssize, and adev-gds.oasi...
EUVD-2026-35141
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev-gds.gdssize, adev-gds.gwssize, and adev-gds.oasi...
CVE-2026-46276 drm/amdgpu: fix zero-size GDS range init on RDNA4
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev-gds.gdssize, adev-gds.gwssize, and adev-gds.oasi...