Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-2049

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-10 Jun, 2026 | 21:22
Updated At-30 Jun, 2026 | 12:06
Rejected At-
Credits

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28618.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:10 Jun, 2026 | 21:22
Updated At:30 Jun, 2026 | 12:06
Rejected At:
â–¼CVE Numbering Authority (CNA)
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28618.

Affected Products
Vendor
GIMPGIMP
Product
GIMP
Default Status
unknown
Versions
Affected
  • 3.2.0-RC1
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-26-214/
x_research-advisory
https://gitlab.gnome.org/GNOME/gegl/-/issues/450
vendor-advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-26-214/
Resource:
x_research-advisory
Hyperlink: https://gitlab.gnome.org/GNOME/gegl/-/issues/450
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. gimp: gegl: GIMP: Remote Code Execution via HDR File Parsing Heap-based Buffer Overflow

A flaw was found in GIMP. This heap-based buffer overflow vulnerability, located in the HDR file parsing component, allows a remote attacker to execute arbitrary code. User interaction is required for exploitation, as the target must open a malicious HDR file. The flaw occurs due to a lack of proper validation of user-supplied data length before it is copied to a heap-based buffer.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-131Incorrect Calculation of Buffer Size
Type: CWE
CWE ID: CWE-131
Description: Incorrect Calculation of Buffer Size
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

To mitigate this issue, users should avoid opening HDR files from untrusted or suspicious sources. If GIMP is not required, consider removing the `gimp` package to eliminate the attack surface. This can be achieved with `sudo dnf remove gimp`. Be aware that removing GIMP may impact other dependent graphical applications.

Exploits

Credits

Timeline
EventDate
Reported to Red Hat.2026-06-10 22:01:10
Made public.2026-06-10 21:22:47
Event: Reported to Red Hat.
Date: 2026-06-10 22:01:10
Event: Made public.
Date: 2026-06-10 21:22:47
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-2049
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2487738
issue-tracking
x_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2049.json
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-2049
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2487738
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2049.json
Resource:
x_sadp-csaf-vex
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:10 Jun, 2026 | 22:16
Updated At:30 Jun, 2026 | 03:18

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28618.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-122Primaryzdi-disclosures@trendmicro.com
CWE-131Secondary0b0ca135-0b70-47e7-9f44-1890c2a1c46c
CWE ID: CWE-122
Type: Primary
Source: zdi-disclosures@trendmicro.com
CWE ID: CWE-131
Type: Secondary
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://gitlab.gnome.org/GNOME/gegl/-/issues/450zdi-disclosures@trendmicro.com
N/A
https://www.zerodayinitiative.com/advisories/ZDI-26-214/zdi-disclosures@trendmicro.com
N/A
https://access.redhat.com/security/cve/CVE-2026-20490b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=24877380b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2049.json0b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
Hyperlink: https://gitlab.gnome.org/GNOME/gegl/-/issues/450
Source: zdi-disclosures@trendmicro.com
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-26-214/
Source: zdi-disclosures@trendmicro.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-2049
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2487738
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2049.json
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

757Records found

CVE-2026-32146
Matching Score-8
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
ShareView Details
Matching Score-8
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CVSS Score-8.3||HIGH
EPSS-0.24% / 14.94%
||
7 Day CHG~0.00%
Published-11 Apr, 2026 | 12:59
Updated-01 Jul, 2026 | 04:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement to the intended dependency directory, allowing attacker-controlled paths (via relative traversal such as ../ or absolute paths) to target filesystem locations outside that directory. When resolving git dependencies (e.g. via gleam deps download), the computed path is used for filesystem operations including directory deletion and creation. This vulnerability occurs during the dependency resolution and download phase, which is generally expected to be limited to fetching and preparing dependencies within a confined directory. A malicious direct or transitive git dependency can exploit this issue to delete and overwrite arbitrary directories outside the intended dependency directory, including attacker-chosen absolute paths, potentially causing data loss. In some environments, this may be further leveraged to achieve code execution, for example by overwriting git hooks or shell configuration files. This issue affects Gleam from 1.9.0-rc1 until 1.15.4.

Action-Not Available
Vendor-lpilGleamRed Hat, Inc.
Product-gleamGleamRed Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-2921
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.87% / 54.28%
||
7 Day CHG+0.03%
Published-13 Mar, 2026 | 20:41
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability

GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of palette data in AVI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28854.

Action-Not Available
Vendor-gstreamerGStreamerRed Hat, Inc.
Product-gstreamerGStreamerRed Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-2922
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.43% / 34.62%
||
7 Day CHG+0.05%
Published-13 Mar, 2026 | 20:38
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of video packets. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28845.

Action-Not Available
Vendor-gstreamerGStreamerRed Hat, Inc.
Product-gstreamerGStreamerRed Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-2923
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.73% / 49.70%
||
7 Day CHG+0.08%
Published-13 Mar, 2026 | 20:39
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of coordinates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28838.

Action-Not Available
Vendor-gstreamerGStreamerRed Hat, Inc.
Product-gstreamerGStreamerRed Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream (v. 9)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-3081
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.43% / 34.22%
||
7 Day CHG+0.05%
Published-13 Mar, 2026 | 20:39
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability

GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of decoding units. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28839.

Action-Not Available
Vendor-gstreamerGStreamerRed Hat, Inc.
Product-gstreamerGStreamerRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-3084
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.42% / 33.93%
||
7 Day CHG+0.05%
Published-13 Mar, 2026 | 20:42
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability

GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of picture partitions. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28910.

Action-Not Available
Vendor-gstreamerGStreamerRed Hat, Inc.
Product-gstreamerGStreamerRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-3086
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.42% / 33.93%
||
7 Day CHG+0.05%
Published-13 Mar, 2026 | 20:40
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of APS units. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28911.

Action-Not Available
Vendor-gstreamerGStreamerRed Hat, Inc.
Product-gstreamerGStreamerRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-27622
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.4||HIGH
EPSS-0.20% / 10.11%
||
7 Day CHG+0.04%
Published-03 Mar, 2026 | 22:42
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.

Action-Not Available
Vendor-openexrAcademySoftwareFoundationRed Hat, Inc.
Product-openexropenexrRed Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat AI Inference Server 3.3
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-2045
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.3||HIGH
EPSS-0.57% / 42.83%
||
7 Day CHG+0.05%
Published-20 Feb, 2026 | 22:23
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265.

Action-Not Available
Vendor-Red Hat, Inc.GIMP
Product-gimpGIMPRed Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-2048
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.62% / 45.44%
||
7 Day CHG+0.10%
Published-20 Feb, 2026 | 22:23
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28591.

Action-Not Available
Vendor-Red Hat, Inc.GIMP
Product-gimpGIMPRed Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-1462
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.33% / 24.70%
||
7 Day CHG-0.03%
Published-13 Apr, 2026 | 14:55
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Safe Mode Bypass in keras-team/keras

A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guarantees of `safe_mode` and enables arbitrary attacker-controlled code execution during model inference under the victim's privileges. The issue arises due to the unconditional loading of external SavedModels, serialization of attacker-controlled file paths, and the lack of validation in the `from_config()` method.

Action-Not Available
Vendor-keras-teamRed Hat, Inc.
Product-keras-team/kerasRed Hat OpenShift AI 2.25Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-1260
Matching Score-8
Assigner-Google LLC
ShareView Details
Matching Score-8
Assigner-Google LLC
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.81%
||
7 Day CHG+0.03%
Published-22 Jan, 2026 | 17:06
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invalid Memory Access in Sentencepiece,

Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.
Product-sentencepieceSentencepieceRed Hat OpenShift AI (RHOAI)Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25Red Hat AI Inference ServerRed Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-10118
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.25% / 16.51%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 15:33
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Poppler: integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Hardened ImagesRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.3Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Hardened ImagesRed Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-11332
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.16% / 5.22%
||
7 Day CHG~0.00%
Published-05 Jun, 2026 | 08:21
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary code execution on the machine of a user who installs the role via ansible-galaxy role install.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Ansible Automation Platform 2Red Hat Ansible Automation Platform 2
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2025-5914
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.33% / 24.46%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 19:53
Updated-30 Jun, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

Action-Not Available
Vendor-libarchiveRed Hat, Inc.
Product-libarchiveenterprise_linuxopenshift_container_platformcert-manager operator for Red Hat OpenShift 1.16Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.20Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsOpenShift Compliance Operator 1Red Hat OpenShift Container Platform 4.17Red Hat Insights proxy 1.5Red Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Discovery 2Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportOpenShift File Integrity Operator - FIO 1Red Hat OpenShift distributed tracing 3.5.1Red Hat OpenShift sandboxed containers 1.1Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Web Terminal 1.11 on RHEL 9Red Hat Web Terminal 1.12 on RHEL 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRHOSS-1.36-RHEL-8
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-5473
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-10.56% / 95.23%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 18:44
Updated-03 Nov, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability

GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.

Action-Not Available
Vendor-GIMP
Product-gimpGIMP
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-2761
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-1.43% / 69.81%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 16:47
Updated-03 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.

Action-Not Available
Vendor-GIMP
Product-gimpGIMP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2760
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-6.31% / 92.76%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 16:47
Updated-03 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.

Action-Not Available
Vendor-GIMP
Product-gimpGIMP
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-0406
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.93% / 56.16%
||
7 Day CHG~0.00%
Published-06 Apr, 2024 | 16:11
Updated-20 Nov, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mholt/archiver: path traversal vulnerability

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

Action-Not Available
Vendor-mholtRed Hat, Inc.
Product-archiveropenshift_container_platformadvanced_cluster_securityRed Hat OpenShift Container Platform 4.18Red Hat Advanced Cluster Security 4Red Hat Advanced Cluster Security 3
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-8631
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-9.3||CRITICAL
EPSS-1.33% / 67.68%
||
7 Day CHG+0.66%
Published-20 May, 2026 | 20:11
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data.

Action-Not Available
Vendor-HP IncRed Hat, Inc.HP Inc.
Product-linux_imaging_and_printingHP Linux Imaging and Printing SoftwareRed Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-9149
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 20.84%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 23:34
Updated-27 Jun, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

Action-Not Available
Vendor-openSUSERed Hat, Inc.
Product-enterprise_linuxsatellitelibsolvupdate_infrastructureopenshift_container_platformhardened_imagesRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Satellite 6Red Hat Update Infrastructure 4 for Cloud Providers
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-9256
Matching Score-6
Assigner-F5, Inc.
ShareView Details
Matching Score-6
Assigner-F5, Inc.
CVSS Score-9.2||CRITICAL
EPSS-4.26% / 89.86%
||
7 Day CHG+1.67%
Published-22 May, 2026 | 14:11
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.Red Hat, Inc.
Product-nginx_open_sourcenginx_plusNGINX PlusNGINX Open SourceRed Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Lightspeed proxy 1Red Hat Discovery 2Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Hardened ImagesRed Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-6752
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.3||HIGH
EPSS-0.31% / 22.39%
||
7 Day CHG+0.03%
Published-21 Apr, 2026 | 12:40
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the WebRTC component

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2026-56208
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.6||HIGH
EPSS-0.27% / 19.25%
||
7 Day CHG+0.01%
Published-19 Jun, 2026 | 16:28
Updated-03 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when g_lag_in_frames is set to 1 or higher. This results in a 232-byte out-of-bounds write on every encoded frame after the second, corrupting adjacent heap objects. An attacker who can influence encoder configuration in a transcoding service or WebRTC session could exploit this to cause a denial of service (process crash) or potentially achieve code execution.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat AI Inference ServerRed Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat OpenShift AI (RHOAI)Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 9Red Hat Hardened ImagesRed Hat Enterprise Linux 10Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-14905
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-1.04% / 59.74%
||
7 Day CHG~0.00%
Published-23 Feb, 2026 | 15:41
Updated-30 Jun, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Directory Server 11.5 E4S for RHEL 8Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Directory Server 13.1Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Directory Server 11.9 for RHEL 8Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Directory Server 12Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Directory Server 13Red Hat Directory Server 11.7 E4S for RHEL 8Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Directory Server 12.2 E4S for RHEL 9Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Directory Server 12.4 EUS for RHEL 9
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-67268
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.67% / 47.65%
||
7 Day CHG+0.14%
Published-02 Jan, 2026 | 00:00
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.

Action-Not Available
Vendor-gpsd_projectn/aRed Hat, Inc.
Product-gpsdn/aRed Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CVE-2026-5402
Matching Score-6
Assigner-GitLab Inc.
ShareView Details
Matching Score-6
Assigner-GitLab Inc.
CVSS Score-8.8||HIGH
EPSS-0.39% / 30.98%
||
7 Day CHG+0.05%
Published-30 Apr, 2026 | 05:39
Updated-30 Jun, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in Wireshark

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

Action-Not Available
Vendor-Red Hat, Inc.Wireshark Foundation
Product-wiresharkWiresharkRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-58379
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-Not Assigned
Published-03 Jul, 2026 | 18:29
Updated-03 Jul, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gimp: gimp: heap buffer overflow in read_channel_data()

A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the software incorrectly calculates buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-8443
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.9||LOW
EPSS-0.31% / 22.79%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 13:16
Updated-30 Jun, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libopensc: heap buffer overflow in openpgp driver when generating key

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

Action-Not Available
Vendor-opensc_projectRed Hat, Inc.
Product-openscenterprise_linuxRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7730
Matching Score-6
Assigner-Fedora Project
ShareView Details
Matching Score-6
Assigner-Fedora Project
CVSS Score-7.4||HIGH
EPSS-0.27% / 19.03%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 12:11
Updated-05 Aug, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb()

A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.

Action-Not Available
Vendor-QEMURed Hat, Inc.
Product-qemuRed Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-25646
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.3||HIGH
EPSS-0.95% / 57.06%
||
7 Day CHG+0.02%
Published-10 Feb, 2026 | 17:04
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LIBPNG has a heap buffer overflow in png_set_quantize

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

Action-Not Available
Vendor-libpngpnggroupRed Hat, Inc.
Product-libpnglibpngRed Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat build of OpenJDK 21Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat OpenJDK 11 ELS for RHEL 9Red Hat Enterprise Linux BaseOS AUS (v. 8.2)Red Hat Hardened ImagesRed Hat Enterprise Linux 10Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux BaseOS AUS (v.8.4)Red Hat Ceph Storage 8Red Hat OpenJDK 11 ELS for RHEL 7Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux BaseOS E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.4)OPENJDK ELS 11.0.31Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat OpenShift Container Platform 4.18Red Hat build of OpenJDK 25Red Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Discovery 2Red Hat build of OpenJDK 1.8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat OpenJDK 11 ELS for RHEL 8Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux BaseOS E4S (v.9.0)Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux 8Red Hat Build of OpenJDK 17.0.9Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2024-56827
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.6||MEDIUM
EPSS-0.23% / 13.70%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 03:40
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openjpeg: heap buffer overflow in lib/openjp2/j2k.c

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2019-14901
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-16.91% / 96.68%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 14:05
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.

Action-Not Available
Vendor-Fedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelfedorakernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14895
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-7.76% / 93.91%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 13:50
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.

Action-Not Available
Vendor-Fedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelfedoraleapkernel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5915
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.16% / 5.85%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 19:49
Updated-30 Jun, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.

Action-Not Available
Vendor-libarchiveRed Hat, Inc.
Product-libarchiveenterprise_linuxopenshift_container_platformRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-3447
Matching Score-6
Assigner-Fedora Project
ShareView Details
Matching Score-6
Assigner-Fedora Project
CVSS Score-6||MEDIUM
EPSS-0.55% / 42.05%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 12:10
Updated-12 May, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Action-Not Available
Vendor-Red Hat, Inc.QEMUSiemens AGNetApp, Inc.
Product-hci_compute_nodeqemuRed Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1501RUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1511
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-48797
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.19% / 9.12%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 14:04
Updated-30 Jun, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gimp: multiple heap buffer overflows in tga parser

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-21886
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.42% / 69.59%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 12:13
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg-x11-server: heap buffer overflow in disabledevice

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

Action-Not Available
Vendor-X.Org FoundationRed Hat, Inc.
Product-Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Extended Update Supportxserverxwayland
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-21885
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.42% / 69.59%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 12:11
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Extended Update Support
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-5201
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.07% / 60.72%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 08:32
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linux_server_ausgdk-pixbufenterprise_linux_server_tusenterprise_linuxRed Hat AI Inference Server 3.2Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat AI Inference Server 3.3Red Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat AI Inference Server 3.2Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux BaseOS AUS (v. 8.2)Red Hat Enterprise Linux 10Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux BaseOS AUS (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 9Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-52720
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.49% / 38.50%
||
7 Day CHG+0.01%
Published-15 Jun, 2026 | 19:15
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb

A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-12084
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-72.06% / 99.36%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 14:16
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rsync: heap buffer overflow in rsync due to improper checksum length handling

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

Action-Not Available
Vendor-almalinuxtritondatacenternixosarchlinuxRed Hat, Inc.NovellGentoo Foundation, Inc.Samba
Product-rsyncenterprise_linuxnixossmartosalmalinuxlinuxarch_linuxsuse_linuxRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-52955
Matching Score-6
Assigner-kernel.org
ShareView Details
Matching Score-6
Assigner-kernel.org
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 29.64%
||
7 Day CHG+0.19%
Published-24 Jun, 2026 | 16:28
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libceph: Fix potential out-of-bounds access in crush_decode()

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crush_decode() A message of type CEPH_MSG_OSD_MAP containing a crush map with at least one bucket has two fields holding the bucket algorithm. If the values in these two fields differ, an out-of-bounds access can occur. This is the case because the first algorithm field (alg) is used to allocate the correct amount of memory for a bucket of this type, while the second algorithm field inside the bucket (b->alg) is used in the subsequent processing. This patch fixes the issue by adding a check that compares alg and b->alg and aborts the processing in case they differ. Furthermore, b->alg is set to 0 in this case, because the destruction of the crush map also uses this field to determine the bucket type, which can again result in an out-of-bounds access when trying to free the memory pointed to by the fields of the bucket. To correctly free the memory allocated for the bucket in such a case, the corresponding call to kfree is moved from the algorithm-specific crush_destroy_bucket functions to the generic crush_destroy_bucket().

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-LinuxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2026-53091
Matching Score-6
Assigner-kernel.org
ShareView Details
Matching Score-6
Assigner-kernel.org
CVSS Score-8.4||HIGH
EPSS-0.12% / 2.35%
||
7 Day CHG-0.03%
Published-24 Jun, 2026 | 16:30
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net: pull headers in qdisc_pkt_len_segs_init()

In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdisc_pkt_len_segs_init() Most ndo_start_xmit() methods expects headers of gso packets to be already in skb->head. net/core/tso.c users are particularly at risk, because tso_build_hdr() does a memcpy(hdr, skb->data, hdr_len); qdisc_pkt_len_segs_init() already does a dissection of gso packets. Use pskb_may_pull() instead of skb_header_pointer() to make sure drivers do not have to reimplement this. Some malicious packets could be fed, detect them so that we can drop them sooner with a new SKB_DROP_REASON_SKB_BAD_GSO drop_reason.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-LinuxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2024-1062
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 22.17%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 13:04
Updated-25 Feb, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

Action-Not Available
Vendor-Fedora ProjectRed Hat, Inc.
Product-enterprise_linux_server_ausenterprise_linux_for_arm_64_eusenterprise_linux389_directory_serverdirectory_serverfedoraenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_server_tusenterprise_linux_update_services_for_sap_solutionsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusRed Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Directory Server 11.7 for RHEL 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Directory Server 11.8 for RHEL 8Red Hat Directory Server 12Red Hat Directory Server 12.2 EUS for RHEL 9Red Hat Enterprise Linux 7Red Hat Directory Server 11.5 E4S for RHEL 8Red Hat Enterprise Linux 8
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-53143
Matching Score-6
Assigner-kernel.org
ShareView Details
Matching Score-6
Assigner-kernel.org
CVSS Score-7||HIGH
EPSS-0.13% / 3.26%
||
7 Day CHG-0.05%
Published-25 Jun, 2026 | 08:38
Updated-30 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 The v11 MQD manager incorrectly assigned the CP-compute variants of checkpoint_mqd/restore_mqd for KFD_MQD_TYPE_SDMA queues. These functions use sizeof(struct v11_compute_mqd) (2048 bytes) instead of sizeof(struct v11_sdma_mqd) (512 bytes), causing a 1536-byte overflow. During CRIU checkpoint of an SDMA queue on Navi3x: - checkpoint_mqd() reads 2048 bytes from a 512-byte SDMA MQD buffer, leaking 1536 bytes of adjacent GTT memory to userspace During CRIU restore: - restore_mqd() writes 2048 bytes into a 512-byte SDMA MQD buffer, corrupting 1536 bytes of adjacent GTT memory (often the ring buffer or neighboring MQDs) This is a copy-paste regression unique to v11. All other ASIC backends (cik, vi, v9, v10, v12) correctly use the SDMA-specific variants. Add checkpoint_mqd_sdma() and restore_mqd_sdma() functions that properly handle the smaller v11_sdma_mqd structure, matching the pattern used in other MQD managers. (cherry picked from commit 6fa41db7ffdec97d62433adf03b7b9b759af8c2c)

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-LinuxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2023-6780
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.69% / 84.04%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 14:08
Updated-12 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glibc: integer overflow in __vsyslog_internal()

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

Action-Not Available
Vendor-n/aRed Hat, Inc.Siemens AGFedora ProjectGNU
Product-glibcfedoraFedoraglibcRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-6779
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-3.13% / 86.28%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 14:07
Updated-12 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

Action-Not Available
Vendor-n/aRed Hat, Inc.Siemens AGFedora ProjectGNU
Product-glibcfedoraFedoraglibcRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6246
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.4||HIGH
EPSS-4.79% / 90.85%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 14:06
Updated-12 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glibc: heap-based buffer overflow in __vsyslog_internal()

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Action-Not Available
Vendor-n/aRed Hat, Inc.Siemens AGFedora ProjectGNU
Product-glibcfedoraFedoraglibcRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-4892
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-8.4||HIGH
EPSS-0.81% / 52.48%
||
7 Day CHG+0.24%
Published-11 May, 2026 | 16:47
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-4892

A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.

Action-Not Available
Vendor-dnsmasqRed Hat, Inc.
Product-dnsmasqRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift Container Platform 4
CWE ID-CWE-122
Heap-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 15
  • 16
  • Next
Details not found