4 matches found
GHSA-VC68-257W-M432 OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)
Summary: The PXR24 decompression function undo_pxr24_impl in OpenEXR internal_pxr24.c ignores the actual decompressed size outSize returned by exr_uncompress_buffer and instead reads from the scratch buffer based solely on the expected size uncompressed_size derived from the header metadata. Additionall...
CVE-2025-10995
Open Babel up to 3.1.1 is affected by CVE-2025-10995 due to a vulnerability in zlib_stream::basic_unzip_streambuf::underflow (in /src/zipstreamimpl.h) that can cause memory corruption. The ROS/REDOS entries confirm multiple Open Babel components (including ChemKinFormat, CacaoFormat, and SMILES p...
openbabel buffer error vulnerability
openbabel is an open-source chemistry toolkit from Open Babel. A buffer error vulnerability exists in openbabel 3.1.1 and earlier versions. It stems from a memory corruption issue in the zlib_stream::basic_unzip_streambuf::underflow function, which could lead to a local attack...
VulnCheck KEV: CVE-2009-1391
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a...