Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-45696

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-18 Jun, 2026 | 20:31
Updated At-30 Jun, 2026 | 12:10
Rejected At-
Credits

OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K (High-Throughput JPEG 2000) decoder, ht_undo_impl() in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The ht_undo_imp function copies decoded pixels out of a per-line OpenJPH buffer using the EXR channel's declared width as the iteration count. The codestream embedded in the EXR chunk can declare different (smaller) tile/line dimensions than the EXR header advertises, but ht_undo_impl() does not validate this — it pulls width 32-bit samples from cur_line->i32[] without checking the OpenJPH line buffer's actual length. A crafted EXR file produces a 4-byte heap-buffer-overflow READ immediately after a buffer allocated by ojph::local::codestream::finalize_alloc(). The bug is reachable through the standard scanline-decode entry point used by every consumer of exr_decoding_run/Imf::checkOpenEXRFile, including thumbnailers, asset pipelines, and the exrcheck utility — i.e. any application that opens untrusted EXR files. The result is a deterministic crash (DoS) and potential adjacent-heap leak. This issue has been fixed in version 3.4.12.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:18 Jun, 2026 | 20:31
Updated At:30 Jun, 2026 | 12:10
Rejected At:
▼CVE Numbering Authority (CNA)
OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K (High-Throughput JPEG 2000) decoder, ht_undo_impl() in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The ht_undo_imp function copies decoded pixels out of a per-line OpenJPH buffer using the EXR channel's declared width as the iteration count. The codestream embedded in the EXR chunk can declare different (smaller) tile/line dimensions than the EXR header advertises, but ht_undo_impl() does not validate this — it pulls width 32-bit samples from cur_line->i32[] without checking the OpenJPH line buffer's actual length. A crafted EXR file produces a 4-byte heap-buffer-overflow READ immediately after a buffer allocated by ojph::local::codestream::finalize_alloc(). The bug is reachable through the standard scanline-decode entry point used by every consumer of exr_decoding_run/Imf::checkOpenEXRFile, including thumbnailers, asset pipelines, and the exrcheck utility — i.e. any application that opens untrusted EXR files. The result is a deterministic crash (DoS) and potential adjacent-heap leak. This issue has been fixed in version 3.4.12.

Affected Products
Vendor
AcademySoftwareFoundation
Product
openexr
Versions
Affected
  • >= 3.4.0, < 3.4.11
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
4.08.3HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Version: 4.0
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-gjpj-qv64-vwhf
x_refsource_CONFIRM
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.12
x_refsource_MISC
Hyperlink: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-gjpj-qv64-vwhf
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.12
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-gjpj-qv64-vwhf
exploit
Hyperlink: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-gjpj-qv64-vwhf
Resource:
exploit
2. OpenEXR: OpenEXR: Denial of Service and potential information disclosure via crafted EXR file

A flaw was found in the OpenEXR image library. If an application opens a maliciously crafted EXR image file, it triggers a memory error. An attacker can use this to crash the application—causing a denial of service (DoS)—and potentially view sensitive information from the application's memory. Any system that processes untrusted EXR files is at risk.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
unaffected
Problem Types
TypeCWE IDDescription
CWECWE-125Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

To minimize risk, avoid opening or processing EXR image files from untrusted or unknown sources. For environments that must process external files, run the handling applications within a sandboxed environment to restrict their privileges and limit the damage a potential exploit can cause.

Exploits

Credits

Timeline
EventDate
Reported to Red Hat.2026-06-18 22:01:06
Made public.2026-06-18 20:31:56
Event: Reported to Red Hat.
Date: 2026-06-18 22:01:06
Event: Made public.
Date: 2026-06-18 20:31:56
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-45696
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2490597
issue-tracking
x_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45696.json
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-45696
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2490597
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45696.json
Resource:
x_sadp-csaf-vex
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:18 Jun, 2026 | 21:16
Updated At:30 Jun, 2026 | 03:20

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K (High-Throughput JPEG 2000) decoder, ht_undo_impl() in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The ht_undo_imp function copies decoded pixels out of a per-line OpenJPH buffer using the EXR channel's declared width as the iteration count. The codestream embedded in the EXR chunk can declare different (smaller) tile/line dimensions than the EXR header advertises, but ht_undo_impl() does not validate this — it pulls width 32-bit samples from cur_line->i32[] without checking the OpenJPH line buffer's actual length. A crafted EXR file produces a 4-byte heap-buffer-overflow READ immediately after a buffer allocated by ojph::local::codestream::finalize_alloc(). The bug is reachable through the standard scanline-decode entry point used by every consumer of exr_decoding_run/Imf::checkOpenEXRFile, including thumbnailers, asset pipelines, and the exrcheck utility — i.e. any application that opens untrusted EXR files. The result is a deterministic crash (DoS) and potential adjacent-heap leak. This issue has been fixed in version 3.4.12.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.3HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

openexr
openexr
>>openexr>>Versions from 3.4.0(inclusive) to 3.4.12(exclusive)
cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Primarysecurity-advisories@github.com
CWE-125Secondary0b0ca135-0b70-47e7-9f44-1890c2a1c46c
CWE ID: CWE-122
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-125
Type: Secondary
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.12security-advisories@github.com
Release Notes
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-gjpj-qv64-vwhfsecurity-advisories@github.com
Exploit
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-456960b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=24905970b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-gjpj-qv64-vwhf134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Vendor Advisory
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45696.json0b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
Hyperlink: https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.12
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-gjpj-qv64-vwhf
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-45696
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2490597
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-gjpj-qv64-vwhf
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Vendor Advisory
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45696.json
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

347Records found

CVE-2019-14901
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-16.91% / 96.68%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 14:05
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.

Action-Not Available
Vendor-Fedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelfedorakernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-6786
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.11%
||
7 Day CHG+0.12%
Published-21 Apr, 2026 | 12:41
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-55654
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.31% / 22.57%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 03:37
Updated-25 Jun, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi indicator cleanup due to missing null sentinel termination

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service.

Action-Not Available
Vendor-OpenBSDRed Hat, Inc.
Product-opensshhardened_imagesenterprise_linuxRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14907
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-3.15% / 86.37%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 00:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxSambaFedora ProjectSynology, Inc.Red Hat, Inc.
Product-storagedebian_linuxenterprise_linuxdiskstation_managerdirectory_serverubuntu_linuxrouter_managerskynassambafedorasamba
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14906
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-1.75% / 75.16%
||
7 Day CHG~0.00%
Published-07 Jan, 2020 | 20:05
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.

Action-Not Available
Vendor-libsdlRed Hat, Inc.
Product-simple_directmedia_layerenterprise_linuxSDL
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14895
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-7.76% / 93.91%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 13:50
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.

Action-Not Available
Vendor-Fedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelfedoraleapkernel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5915
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.16% / 5.85%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 19:49
Updated-30 Jun, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.

Action-Not Available
Vendor-libarchiveRed Hat, Inc.
Product-libarchiveenterprise_linuxopenshift_container_platformRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-3447
Matching Score-6
Assigner-Fedora Project
ShareView Details
Matching Score-6
Assigner-Fedora Project
CVSS Score-6||MEDIUM
EPSS-0.55% / 42.05%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 12:10
Updated-12 May, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Action-Not Available
Vendor-Red Hat, Inc.QEMUSiemens AGNetApp, Inc.
Product-hci_compute_nodeqemuRed Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1501RUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1511
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-48797
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.19% / 9.12%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 14:04
Updated-30 Jun, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gimp: multiple heap buffer overflows in tga parser

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-2127
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.53% / 71.69%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 14:49
Updated-20 Nov, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: out-of-bounds read in winbind auth_crap

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.

Action-Not Available
Vendor-Red Hat, Inc.Fedora ProjectDebian GNU/LinuxSamba
Product-sambadebian_linuxfedoraenterprise_linuxRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Storage 3Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-21886
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.42% / 69.59%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 12:13
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg-x11-server: heap buffer overflow in disabledevice

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

Action-Not Available
Vendor-X.Org FoundationRed Hat, Inc.
Product-Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Extended Update Supportxserverxwayland
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-21885
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.42% / 69.59%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 12:11
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Extended Update Support
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-5201
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.07% / 60.72%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 08:32
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linux_server_ausgdk-pixbufenterprise_linux_server_tusenterprise_linuxRed Hat AI Inference Server 3.2Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat AI Inference Server 3.3Red Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat AI Inference Server 3.2Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux BaseOS AUS (v. 8.2)Red Hat Enterprise Linux 10Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux BaseOS AUS (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 9Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-5172
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.3||HIGH
EPSS-0.93% / 56.37%
||
7 Day CHG+0.29%
Published-11 May, 2026 | 16:48
Updated-30 Jun, 2026 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-5172

A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end.

Action-Not Available
Vendor-dnsmasqRed Hat, Inc.
Product-dnsmasqRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-50262
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 2.74%
||
7 Day CHG~0.00%
Published-05 Jun, 2026 | 10:36
Updated-25 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.

Action-Not Available
Vendor-X.Org FoundationRed Hat, Inc.
Product-xwaylandenterprise_linuxx_serverRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-11614
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.55% / 42.01%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 08:30
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat OpenShift Container Platform 4Fast Datapath for RHEL 8Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Fast Datapath for RHEL 9Fast Datapath for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsFast Datapath for Red Hat Enterprise Linux 9Fast Datapath for RHEL 7
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-52720
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.49% / 38.50%
||
7 Day CHG+0.01%
Published-15 Jun, 2026 | 19:15
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb

A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-52721
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 1.42%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 19:10
Updated-15 Jun, 2026 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp header parsing

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could trick a user into processing a specially crafted PCAP file, potentially leading to a crash or information disclosure.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-12084
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-72.06% / 99.36%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 14:16
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rsync: heap buffer overflow in rsync due to improper checksum length handling

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

Action-Not Available
Vendor-almalinuxtritondatacenternixosarchlinuxRed Hat, Inc.NovellGentoo Foundation, Inc.Samba
Product-rsyncenterprise_linuxnixossmartosalmalinuxlinuxarch_linuxsuse_linuxRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-1062
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 22.17%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 13:04
Updated-25 Feb, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

Action-Not Available
Vendor-Fedora ProjectRed Hat, Inc.
Product-enterprise_linux_server_ausenterprise_linux_for_arm_64_eusenterprise_linux389_directory_serverdirectory_serverfedoraenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_server_tusenterprise_linux_update_services_for_sap_solutionsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusRed Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Directory Server 11.7 for RHEL 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Directory Server 11.8 for RHEL 8Red Hat Directory Server 12Red Hat Directory Server 12.2 EUS for RHEL 9Red Hat Enterprise Linux 7Red Hat Directory Server 11.5 E4S for RHEL 8Red Hat Enterprise Linux 8
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-6779
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-3.13% / 86.28%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 14:07
Updated-12 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

Action-Not Available
Vendor-n/aRed Hat, Inc.Siemens AGFedora ProjectGNU
Product-glibcfedoraFedoraglibcRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6606
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.52% / 40.45%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 16:58
Updated-08 Nov, 2025 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: out-of-bounds read vulnerability in smbcalcsize

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelenterprise_linux_server_ausenterprise_linuxenterprise_linux_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsRed Hat Enterprise Linux 9RHOL-5.8-RHEL-9Red Hat Enterprise Linux 6Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update Support
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-6246
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.4||HIGH
EPSS-4.79% / 90.85%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 14:06
Updated-12 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glibc: heap-based buffer overflow in __vsyslog_internal()

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Action-Not Available
Vendor-n/aRed Hat, Inc.Siemens AGFedora ProjectGNU
Product-glibcfedoraFedoraglibcRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-5841
Matching Score-6
Assigner-Austin Hackers Anonymous
ShareView Details
Matching Score-6
Assigner-Austin Hackers Anonymous
CVSS Score-9.1||CRITICAL
EPSS-1.26% / 66.00%
||
7 Day CHG+0.01%
Published-01 Feb, 2024 | 18:28
Updated-04 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenEXR Heap Overflow in Scanline Deep Data Parsing

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

Action-Not Available
Vendor-openexrAcademy Software Foundation
Product-openexrOpenEXR
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-4891
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-5.3||MEDIUM
EPSS-6.23% / 92.67%
||
7 Day CHG+1.77%
Published-11 May, 2026 | 16:47
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-4891

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.

Action-Not Available
Vendor-dnsmasqRed Hat, Inc.
Product-dnsmasqRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift Container Platform 4
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-4892
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-8.4||HIGH
EPSS-0.81% / 52.48%
||
7 Day CHG+0.24%
Published-11 May, 2026 | 16:47
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-4892

A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.

Action-Not Available
Vendor-dnsmasqRed Hat, Inc.
Product-dnsmasqRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift Container Platform 4
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-6121
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.64% / 73.54%
||
7 Day CHG-0.01%
Published-16 Nov, 2023 | 14:45
Updated-12 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).

Action-Not Available
Vendor-Siemens AGRed Hat, Inc.
Product-enterprise_linuxRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7SIPLUS S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM RST2428PSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familySCALANCE XCM-/XRM-/XCH-/XRH-300 familySIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-48914
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 2.24%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 09:42
Updated-15 Jun, 2026 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an out-of-bounds write in the host heap memory and a potential denial of service (DoS) for the QEMU process.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux for NVIDIA 26Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-4647
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 6.43%
||
7 Day CHG+0.01%
Published-23 Mar, 2026 | 13:37
Updated-30 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-binutilsenterprise_linuxopenshift_container_platformRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-4911
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-81.42% / 99.59%
||
7 Day CHG+2.82%
Published-03 Oct, 2023 | 17:25
Updated-12 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-12-12||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Action-Not Available
Vendor-GNUNetApp, Inc.Red Hat, Inc.Siemens AGCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxontap_select_deploy_administration_utilityenterprise_linux_for_arm_64enterprise_linux_server_tusenterprise_linux_for_ibm_z_systemsbootstrap_osh500sfedoracodeready_linux_builder_for_arm64_euscodeready_linux_builderenterprise_linux_for_arm_64_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_ibm_z_systems_eus_s390xh500s_firmwarehci_compute_nodeh410s_firmwareh410scodeready_linux_builder_for_arm64codeready_linux_builder_for_power_little_endiancodeready_linux_builder_for_power_little_endian_eusenterprise_linux_eusvirtualizationenterprise_linux_for_power_little_endian_eush410c_firmwareenterprise_linux_for_power_little_endiandebian_linuxenterprise_linux_update_services_for_sap_solutionsenterprise_linux_for_power_big_endian_eush300sh410ch700s_firmwareh300s_firmwareenterprise_linux_server_ausenterprise_linux_for_ibm_z_systems_euscodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_for_ibm_z_systemsglibccodeready_linux_builder_eusvirtualization_hosth700senterprise_linuxRed Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.0 Extended Update SupportSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPGNU C Library
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4693
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.50% / 38.90%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 10:27
Updated-07 Nov, 2025 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grub2: out-of-bounds read at fs/ntfs.c

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.

Action-Not Available
Vendor-GNURed Hat, Inc.
Product-grub2enterprise_linuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-47039
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.41% / 33.23%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:30
Updated-20 Nov, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Perl: perl for windows binary hijacking vulnerability

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.

Action-Not Available
Vendor-perlRed Hat, Inc.Microsoft Corporation
Product-windowsperlRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-46520
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.35%
||
7 Day CHG+0.12%
Published-10 Jun, 2026 | 21:31
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickImageMagickRed Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4458
Matching Score-6
Assigner-Fedora Project
ShareView Details
Matching Score-6
Assigner-Fedora Project
CVSS Score-4||MEDIUM
EPSS-0.83% / 53.18%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 12:09
Updated-19 Aug, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability

A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-43788
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.36% / 28.51%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 12:26
Updated-06 Nov, 2025 | 22:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxpm: out of bounds read in xpmcreatexpmimagefrombuffer()

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.

Action-Not Available
Vendor-Fedora ProjectRed Hat, Inc.X.Org Foundation
Product-fedoraenterprise_linuxlibxpmRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-42755
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 31.97%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 18:25
Updated-08 Nov, 2025 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: rsvp: out-of-bounds read in rsvp_classify()

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxlinux_kernelenterprise_linuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-46033
Matching Score-6
Assigner-kernel.org
ShareView Details
Matching Score-6
Assigner-kernel.org
CVSS Score-7||HIGH
EPSS-0.13% / 2.87%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 12:56
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
crypto: authencesn - reject short ahash digests during instance creation

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequence number data at the end of the authenticated data. While crypto_authenc_esn_setauthsize() already rejects explicit non-zero authsizes in the range 1..3, crypto_authenc_esn_create() still copied auth->digestsize into inst->alg.maxauthsize without validating it. The AEAD core then initialized the tfm's default authsize from that value. As a result, selecting an ahash with digest size 1..3, such as cbcmac(cipher_null), exposed authencesn instances whose default authsize was invalid even though setauthsize() would have rejected the same value. AF_ALG could then trigger the ESN tail handling with a too-short tag and hit an out-of-bounds access. Reject authencesn instances whose ahash digest size is in the invalid non-zero range 1..3 so that no tfm can inherit an unsupported default authsize.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelLinuxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-43789
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 27.25%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 11:43
Updated-06 Nov, 2025 | 22:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxpm: out of bounds read on xpm with corrupted colormap

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.

Action-Not Available
Vendor-libxpm_projectFedora ProjectRed Hat, Inc.
Product-fedoraenterprise_linuxlibxpmRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-43785
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 45.91%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 12:26
Updated-06 Nov, 2025 | 22:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libx11: out-of-bounds memory access in _xkbreadkeysyms()

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.

Action-Not Available
Vendor-Fedora ProjectRed Hat, Inc.X.Org Foundation
Product-fedoralibx11enterprise_linuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-45359
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.12% / 2.33%
||
7 Day CHG+0.01%
Published-10 Jun, 2026 | 21:26
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been patched in versions 6.9.13-48 and 7.1.2-22.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickImageMagickRed Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2026-4424
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.88% / 54.74%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 13:50
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

Action-Not Available
Vendor-libarchiveRed Hat, Inc.
Product-openshift_container_platform_for_arm64enterprise_linuxlibarchiveenterprise_linux_server_ausopenshift_container_platform_for_poweropenshift_container_platformhardened_imagesRed Hat AI Inference Server 3.2RHEL-8 based Middleware ContainersRed Hat Hardened ImagesRed Hat Enterprise Linux 10Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.14Red Hat Update Infrastructure 5Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Insights proxy 1.5Red Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Discovery 2Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat AI Inference Server 3.3Red Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat AI Inference Server 3.2Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Hardened ImagesRed Hat Enterprise Linux BaseOS AUS (v. 8.2)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat OpenShift Container Platform 4.14Red Hat Update Infrastructure 5Red Hat Enterprise Linux BaseOS AUS (v.8.4)Middleware Containers for OpenShiftRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux BaseOS E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat Insights proxy 1.5Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux BaseOS (v. 8)Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Discovery 2Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux BaseOS E4S (v.9.0)Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2006-10003
Matching Score-6
Assigner-CPAN Security Group
ShareView Details
Matching Score-6
Assigner-CPAN Security Group
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 41.84%
||
7 Day CHG+0.04%
Published-19 Mar, 2026 | 11:08
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting

Action-Not Available
Vendor-toddrTODDRRed Hat, Inc.
Product-xml\XML::ParserRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-193
Off-by-one Error
CVE-2023-4135
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.41% / 32.83%
||
7 Day CHG~0.00%
Published-04 Aug, 2023 | 13:19
Updated-02 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds read information disclosure vulnerability

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

Action-Not Available
Vendor-n/aQEMUFedora ProjectRed Hat, Inc.
Product-qemufedoraExtra Packages for Enterprise LinuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 6qemu-kvmRed Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-40551
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.39% / 31.35%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 16:46
Updated-20 Nov, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shim: out of bounds read when parsing mz binaries

A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.

Action-Not Available
Vendor-Red Hat, Inc.Fedora Project
Product-shimfedoraenterprise_linuxRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-40550
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.39% / 31.41%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 16:29
Updated-27 Jan, 2026 | 10:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shim: out-of-bound read in verify_buffer_sbat()

An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.

Action-Not Available
Vendor-Red Hat, Inc.Fedora Project
Product-shimfedoraenterprise_linuxRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.4 Telecommunications Update Service
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-43906
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.5||HIGH
EPSS-0.19% / 8.58%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 18:54
Updated-15 May, 2026 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenImageIO: HEIF Heap overflow

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metadata mismatch, leading to memory corruption and potential code execution. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.

Action-Not Available
Vendor-openimageioAcademySoftwareFoundation
Product-openimageioOpenImageIO
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-43909
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.37% / 29.07%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 19:00
Updated-15 May, 2026 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenImageIO: Signed integer overflow in SwapRGBABytes loop index leads to out-of-bounds read/write in DPX ABGR decoder

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i * 4 inside SwapRGBABytes() causes the function to compute a large negative pointer offset when processing kABGR DPX images with large dimensions. The immediate crash is an out-of-bounds read (the memcpy at line 45 reads from &input[i * 4] first), but the subsequent write operations at lines 46–49 target the same wrapped offset — making this a combined OOB read+write primitive. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.

Action-Not Available
Vendor-openimageioAcademySoftwareFoundation
Product-openimageioOpenImageIO
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-43996
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 7.38%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 19:08
Updated-16 May, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenImageIO: Integer wraparound in bounds check of decode_pixel leads to out-of-bounds read in TGA paletted image decoder

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_pixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4, the addition wraps to 0, which compares less than palette_alloc_size and passes the check. The subsequent palette access uses the unwrapped k (0xFFFFFFFC) as the index, reading ~4 GB past the start of the palette buffer — SEGV. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.

Action-Not Available
Vendor-openimageioAcademySoftwareFoundation
Product-openimageioOpenImageIO
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-43618
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-6.1||MEDIUM
EPSS-0.78% / 51.44%
||
7 Day CHG+0.14%
Published-20 May, 2026 | 00:50
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rsync < 3.4.3 Integer Overflow Information Disclosure

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.

Action-Not Available
Vendor-RsyncProjectSambaRed Hat, Inc.
Product-rsyncrsyncRed Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux BaseOS (v. 8)Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Discovery 2Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-4042
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.33% / 24.84%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 12:19
Updated-21 Nov, 2025 | 07:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ghostscript: incomplete fix for cve-2020-16305

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

Action-Not Available
Vendor-Red Hat, Inc.Artifex Software Inc.
Product-codeready_linux_builder_for_ibm_z_systemscodeready_linux_builder_for_power_little_endianghostscriptenterprise_linuxenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systemscodeready_linux_builder_for_arm64enterprise_linux_for_arm_64codeready_linux_builderRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found