CVE-2026-40917
- EPSS 0.17%
- Veröffentlicht 15.04.2026 18:59:09
- Zuletzt bearbeitet 28.04.2026 18:21:27
A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crash...
CVE-2026-40916
- EPSS 0.21%
- Veröffentlicht 15.04.2026 18:58:57
- Zuletzt bearbeitet 28.04.2026 18:29:38
A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unco...
CVE-2026-40915
- EPSS 0.38%
- Veröffentlicht 15.04.2026 18:58:52
- Zuletzt bearbeitet 28.04.2026 17:28:06
A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to ...
- EPSS 0.19%
- Veröffentlicht 09.04.2026 14:49:02
- Zuletzt bearbeitet 09.07.2026 18:16:52
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability upd...
CVE-2026-5745
- EPSS 0.16%
- Veröffentlicht 07.04.2026 14:57:31
- Zuletzt bearbeitet 03.05.2026 15:15:58
A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without...
CVE-2026-5704
- EPSS 0.43%
- Veröffentlicht 06.04.2026 15:17:27
- Zuletzt bearbeitet 22.04.2026 20:08:59
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allo...
CVE-2026-5673
- EPSS 0.18%
- Veröffentlicht 06.04.2026 09:22:36
- Zuletzt bearbeitet 01.05.2026 19:53:02
A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into op...
CVE-2026-2625
- EPSS 0.09%
- Veröffentlicht 03.04.2026 18:38:09
- Zuletzt bearbeitet 01.05.2026 21:00:31
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP...
CVE-2026-35092
- EPSS 0.99%
- Veröffentlicht 01.04.2026 13:18:55
- Zuletzt bearbeitet 26.05.2026 16:16:23
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading ...
CVE-2026-35091
- EPSS 0.87%
- Veröffentlicht 01.04.2026 13:18:53
- Zuletzt bearbeitet 26.05.2026 16:16:23
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to a...