memory corruption

A newly disclosed Chromium issue, CVE-2026-4450, is a reminder that even highly mature browser engines remain a prime target for exploitation. According to the public vulnerability record, the flaw is an out-of-bounds write in V8 affecting Google Chrome versions prior to 146.0.7680.153, and it...

The Chrome security ecosystem is once again dealing with a memory-corruption flaw that matters far beyond a single browser tab. CVE-2026-4463, a heap buffer overflow in WebRTC, affects Google Chrome versions prior to 146.0.7680.153 and can be triggered by a crafted HTML page that induces heap...

A subtle memory-management bug in a widely used GIF library has been assigned CVE-2026-23868, forcing a fresh round of supply-chain triage for Linux distributions, imaging toolchains, and any service that ingests untrusted GIF files. The vulnerability is a double-free in giflib's image-saving...

Microsoft and independent trackers recorded CVE-2026-25170 on March 10, 2026 — a use‑after‑free (CWE‑416) vulnerability in Windows Hyper‑V that Microsoft classifies as an elevation‑of‑privilege flaw allowing an authorized local actor with low privileges to obtain higher privileges on the host...

An invalid memory-write bug in the Jasper image library (tracked as CVE-2023-51257) allows a local, low-privileged attacker to trigger arbitrary code execution and significant availability loss on systems that include Jasper v4.1.1 or earlier — a high‑impact flaw that has been publicly...

Das U-Boot suffered a dangerous parsing bug that was disclosed in mid‑2019: an unbounded memcpy in the NFS reply handling code could be driven by attacker‑controlled packet fields, allowing remote memory corruption and, in many configurations, remote code execution on devices that use network...

The U‑Boot bootloader contains a critical NFS parsing bug that was assigned CVE‑2019‑14193: an unbounded memcpy in the nfs_readlink_reply handler that uses an attacker‑controlled length without validation, allowing remotely supplied NFS responses to trigger memory corruption and, in the worst...

The recently disclosed CVE‑2025‑7546 is a memory‑corruption bug in GNU Binutils 2.45 that allows a crafted ELF group section to trigger an out‑of‑bounds write in the BFD (Binary File Descriptor) library’s ELF handler — specifically in the function bfd_elf_set_group_contents inside bfd/elf.c. The...

An integer-truncation bug in SQLite — tracked as CVE-2025-6965 — has been confirmed and fixed upstream; the flaw can cause memory corruption when an aggregate query references more columns than the engine expects, and defenders must treat any embedded or statically linked SQLite instances that...

unixODBC has a newly minted CVE — CVE-2024-1013 — describing an out-of-bounds stack write triggered by incompatible pointer-to-integer type usage in an example PostgreSQL driver. The root cause is trivial to state but subtle in practice: on 64‑bit platforms the code assumed 4‑byte integer sizes...

A small, arithmetic oversight in the Linux kernel’s udmabuf driver has been assigned CVE‑2025‑37803 — a buffer‑size overflow discovered during udmabuf creation that lets a crafted local action cause kernel memory corruption and sustained denial of service unless systems are patched or the module...

A critical heap-based memory corruption bug in Fluent Bit’s built-in HTTP server — tracked as CVE-2024-4323 — lets unauthenticated network actors trigger crashes, leak internal data, and, in specific environments, potentially execute code. Fluent Bit maintainers published a patch in Fluent Bit...

Siemens this month issued a coordinated security advisory for Simcenter Femap and Simcenter Nastran that patches six high‑severity file‑parsing vulnerabilities affecting versions prior to V2512; the bugs allow specially crafted NDB and XDB files to crash the application or, in the worst case...