memory safety

A subtle memory-management mistake in the Linux kernel’s Quick Fair Queueing (QFQ) packet scheduler has been cataloged as CVE-2026-22999 and fixed upstream: an error path in qfq_change_class() can free the existing class and its qdisc when it should not, producing a use‑after‑free (UAF) that...

A recently recorded Linux-kernel security entry, CVE-2026-22991, fixes a subtle but practical memory-safety bug in the kernel’s Ceph client library (libceph) by hardening the cleanup routine free_choose_arg_map() so it no longer dereferences NULL when its caller fails after a partial allocation...

A recently disclosed flaw in the libpng library — tracked as CVE-2026-22801 — creates an integer truncation in libpng's simplified write APIs that can lead to a heap buffer over‑read and consequent denial‑of‑service or information disclosure when applications call png_write_image_16bit() or...

An overlooked parsing bug in Das U-Boot’s NFS reply handling — tracked as CVE-2019-14195 — allows an attacker who can control the NFS responses seen by a device to trigger an unbounded memcpy and corrupt U-Boot’s stack or heap, creating a realistic pathway to code execution during early boot...

Das U‑Boot contained a network‑exposed memory‑safety flaw — CVE‑2019‑14197 — that allowed an attacker controlling or impersonating an NFS server to trigger an out‑of‑bounds read inside the NFS reply parser (nfs_read_reply), with real potential to leak sensitive memory and, in certain...

A stack‑overflow bug in the widely used asynchronous DNS library c‑ares — tracked as CVE‑2022‑4904 — allows unbounded input to overflow a local stack buffer during sortlist parsing, creating a denial‑of‑service condition and a limited confidentiality/integrity exposure; the defect was fixed...

The Linux kernel received a targeted, upstream fix in July 2024 for a memory-safety bug in the BPF arena subsystem — tracked as CVE-2024-42075 — that could produce a use-after-free when memory regions backed by the BPF arena are remapped. The patch adds a reference counter to account for...

The Rust linear-algebra crate nalgebra contained a deserialization bug that could let crafted input violate a core size invariant, producing out‑of‑bounds memory access and potentially causing memory corruption, crashes, and denial of service in any application that deserializes untrusted data...

Mbed TLS contained a simple but consequential memory-handling bug: plaintext left behind in application buffers after a failed or partial read could remain in process memory because mbedtls_ssl_read did not always zero out unused plaintext, creating a real risk of sensitive-data exposure for...

A heap-buffer-overflow in giflib’s gif2rgb utility (DumpScreen2RGB in gif2rgb.c) was assigned CVE‑2022‑28506: the bug was reported in giflib 5.2.1 and fixed upstream in later maintenance releases, and Microsoft’s MSRC advisory has mapped the issue to Azure Linux — but that mapping is a...

A newly published vulnerability in the GNOME HTTP library libsoup — tracked as CVE-2025-32050 — exposes an integer overflow / buffer under-read in the library’s append_param_quoted() routine that can crash applications or leak memory and has already prompted coordinated vendor advisories and...

A subtle one‑byte out‑of‑bounds read in a content‑sniffing routine has forced a widespread emergency patching wave across Linux distributions and GNOME‑based stacks: CVE‑2025‑2784 is a heap buffer over‑read in libsoup’s content sniffer — specifically in the function that skips “insignificant”...

libxml2 contained a subtle but real use‑after‑free in its tree manipulation code that was assigned CVE‑2023‑45322 — a bug that only triggers after a specific memory allocation fails, but which nevertheless exposes real availability and stability risks for any software that embeds the library...

NASM users and maintainers should treat CVE‑2022‑46456 as a live, unresolved memory‑safety issue: Netwide Assembler (NASM) v2.16 contains a global buffer overflow in the dbg output code (function dbgdbg_typevalue in /output/outdbg.c) that can crash the assembler and, depending on circumstances...

GNU Tar’s handling of an old V7 archive format triggered a subtle memory-safety problem that quietly landed in the CVE lists: CVE-2022-48303 is a one‑byte out‑of‑bounds read in GNU Tar through version 1.34 that can cause use of uninitialized memory during a conditional jump — a bug that was...

A malformed TLS 1.3 packet can crash a wolfSSL server or force it to read memory outside its bounds — a vulnerability tracked as CVE-2024-0901 that was disclosed in early 2024 and fixed by wolfSSL in the 5.7.x release series. This issue is not a local misconfiguration or an edge-case...

A subtle but important memory-initialization fix landed in upstream Linux this spring: CVE-2025-37742 patches an uninitialized-value access in the JFS filesystem by ensuring the in-memory imap structure is zeroed when it’s allocated in the diMount() routine. The result is a low-complexity...

Firefox 125 contained multiple memory-safety defects that Mozilla’s fuzzing team judged serious enough to potentially allow arbitrary code execution; the issues were fixed in Firefox 126 (MFSA2024-21), and any installation running Firefox < 126 (including affected ESR/Thunderbird builds) should...

A critical memory-safety flaw in the widely used cJSON library has been assigned CVE-2025-57052: a logic error in the array-index parsing code lets malformed JSON pointer strings bypass bounds checks, enabling out‑of‑bounds memory access that can crash or corrupt applications that rely on cJSON...

The Linux kernel received a defensive patch in April 2024 closing a dangerous input‑validation gap in the in‑kernel SMB server (ksmbd) that let a malicious userspace component return malformed IPC replies, potentially causing kernel memory corruption and service‑stopping crashes. Background /...