An invalid memory-write bug in the Jasper image library (tracked as CVE-2023-51257) allows a local, low-privileged attacker to trigger arbitrary code execution and significant availability loss on systems that include Jasper v4.1.1 or earlier — a high‑impact flaw that has been publicly...
Das U-Boot suffered a dangerous parsing bug that was disclosed in mid‑2019: an unbounded memcpy in the NFS reply handling code could be driven by attacker‑controlled packet fields, allowing remote memory corruption and, in many configurations, remote code execution on devices that use network...
The U‑Boot bootloader contains a critical NFS parsing bug that was assigned CVE‑2019‑14193: an unbounded memcpy in the nfs_readlink_reply handler that uses an attacker‑controlled length without validation, allowing remotely supplied NFS responses to trigger memory corruption and, in the worst...
The recently disclosed CVE‑2025‑7546 is a memory‑corruption bug in GNU Binutils 2.45 that allows a crafted ELF group section to trigger an out‑of‑bounds write in the BFD (Binary File Descriptor) library’s ELF handler — specifically in the function bfd_elf_set_group_contents inside bfd/elf.c. The...
An integer-truncation bug in SQLite — tracked as CVE-2025-6965 — has been confirmed and fixed upstream; the flaw can cause memory corruption when an aggregate query references more columns than the engine expects, and defenders must treat any embedded or statically linked SQLite instances that...
unixODBC has a newly minted CVE — CVE-2024-1013 — describing an out-of-bounds stack write triggered by incompatible pointer-to-integer type usage in an example PostgreSQL driver. The root cause is trivial to state but subtle in practice: on 64‑bit platforms the code assumed 4‑byte integer sizes...
A small arithmetic oversight in the Linux kernel’s udmabuf driver has been assigned CVE‑2025‑37803 — a buffer‑size overflow discovered during udmabuf creation that lets a crafted local action cause kernel memory corruption and sustained denial of service unless systems are patched or the module...
A critical heap-based memory corruption bug in Fluent Bit’s built-in HTTP server — tracked as CVE-2024-4323 — lets unauthenticated network actors trigger crashes, leak internal data, and, in specific environments, potentially execute code. Fluent Bit maintainers published a patch in Fluent Bit...
Siemens this month issued a coordinated security advisory for Simcenter Femap and Simcenter Nastran that patches six high‑severity file‑parsing vulnerabilities affecting versions prior to V2512; the bugs allow specially crafted NDB and XDB files to crash the application or, in the worst case...