Monthly
Integer overflow in radare2's string utility library affects versions up to 6.1.6, allowing a local low-privileged attacker to crash the application through manipulated input processed by r_str_ndup or r_str_append in libr/util/str.c. The impact is limited to availability - no confidentiality or integrity compromise is confirmed by the CVSS 4.0 vector (VC:N/VI:N/VA:L). Publicly available exploit code exists (CVSS 4.0 E:P), though no active exploitation is confirmed and the vulnerability is not listed in the CISA KEV catalog.
Integer overflow in radare2's hexpairs parser crashes the process for local low-privilege users on versions up to 6.1.6. The flaw exists in the `cmd_anal_opcode` function within `libr/core/cmd_anal.inc.c` and produces only a low availability impact with no confidentiality or integrity consequences. Publicly available exploit code exists, but the local-only attack vector and trivial impact class make this a low-priority finding for most deployments. No active exploitation has been confirmed and this vulnerability is not listed in CISA KEV.
Integer overflow in radare2's binary analysis function exposes local users on systems running version 6.1.6 or earlier to limited confidentiality, integrity, and availability impacts. The flaw resides in the `core_anal_bytes` function within `libr/core/cmd_anal.inc` and requires only low-privilege local access to trigger via crafted binary input. A public proof-of-concept exploit has been disclosed, though no confirmed active exploitation (CISA KEV) is recorded; the CVSS 4.0 score of 1.9 reflects the tightly constrained local-only attack surface and limited impact scope.
Integer coercion error in bettercap's MySQL Server module allows remote attackers to trigger information disclosure through malformed MySQL handshake packets. Versions up to 2.41.5 are affected. The vulnerability requires high attack complexity and has no impact on confidentiality, integrity, or service availability per CVSS 4.0 scoring (VA:L indicates only availability of a non-critical resource), but the described integer manipulation coupled with CWE-189 (numeric errors) suggests potential for partial data exposure or undefined behavior in packet parsing.
Integer coercion error in bettercap's zerogod IPP service allows remote attackers to trigger information disclosure via malformed chunked HTTP requests. Versions up to 2.41.5 are affected. The vulnerability exists in the ippReadChunkedBody function where integer type conversions lack proper bounds validation, enabling attackers to cause memory access violations that leak sensitive data. Publicly available exploit code exists, and while CVSS 2.9 indicates low severity, the attack requires high complexity and has limited impact; however, the vulnerability is confirmed remotely exploitable without authentication.
Integer overflow in MrNanko webp4j versions up to 1.3.x within the GIF decoder's DecodeGifFromMemory function allows local attackers to trigger memory corruption through manipulation of the canvas_height parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict local access to the application until an update is released.
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. [CVSS 3.3 LOW]
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. [CVSS 3.3 LOW]
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. [CVSS 5.3 MEDIUM]
A security vulnerability has been detected in Mupen64Plus up to 2.6.0. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Integer overflow in radare2's string utility library affects versions up to 6.1.6, allowing a local low-privileged attacker to crash the application through manipulated input processed by r_str_ndup or r_str_append in libr/util/str.c. The impact is limited to availability - no confidentiality or integrity compromise is confirmed by the CVSS 4.0 vector (VC:N/VI:N/VA:L). Publicly available exploit code exists (CVSS 4.0 E:P), though no active exploitation is confirmed and the vulnerability is not listed in the CISA KEV catalog.
Integer overflow in radare2's hexpairs parser crashes the process for local low-privilege users on versions up to 6.1.6. The flaw exists in the `cmd_anal_opcode` function within `libr/core/cmd_anal.inc.c` and produces only a low availability impact with no confidentiality or integrity consequences. Publicly available exploit code exists, but the local-only attack vector and trivial impact class make this a low-priority finding for most deployments. No active exploitation has been confirmed and this vulnerability is not listed in CISA KEV.
Integer overflow in radare2's binary analysis function exposes local users on systems running version 6.1.6 or earlier to limited confidentiality, integrity, and availability impacts. The flaw resides in the `core_anal_bytes` function within `libr/core/cmd_anal.inc` and requires only low-privilege local access to trigger via crafted binary input. A public proof-of-concept exploit has been disclosed, though no confirmed active exploitation (CISA KEV) is recorded; the CVSS 4.0 score of 1.9 reflects the tightly constrained local-only attack surface and limited impact scope.
Integer coercion error in bettercap's MySQL Server module allows remote attackers to trigger information disclosure through malformed MySQL handshake packets. Versions up to 2.41.5 are affected. The vulnerability requires high attack complexity and has no impact on confidentiality, integrity, or service availability per CVSS 4.0 scoring (VA:L indicates only availability of a non-critical resource), but the described integer manipulation coupled with CWE-189 (numeric errors) suggests potential for partial data exposure or undefined behavior in packet parsing.
Integer coercion error in bettercap's zerogod IPP service allows remote attackers to trigger information disclosure via malformed chunked HTTP requests. Versions up to 2.41.5 are affected. The vulnerability exists in the ippReadChunkedBody function where integer type conversions lack proper bounds validation, enabling attackers to cause memory access violations that leak sensitive data. Publicly available exploit code exists, and while CVSS 2.9 indicates low severity, the attack requires high complexity and has limited impact; however, the vulnerability is confirmed remotely exploitable without authentication.
Integer overflow in MrNanko webp4j versions up to 1.3.x within the GIF decoder's DecodeGifFromMemory function allows local attackers to trigger memory corruption through manipulation of the canvas_height parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict local access to the application until an update is released.
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. [CVSS 3.3 LOW]
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. [CVSS 3.3 LOW]
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. [CVSS 5.3 MEDIUM]
A security vulnerability has been detected in Mupen64Plus up to 2.6.0. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.