Memory-Corruption

CVE-2026-25276 describes a memory corruption vulnerability in Qualcomm's Strongbox due to a missing bounds check, potentially leading to arbitrary code execution.

CVE-2026-24092 is a memory corruption vulnerability in Qualcomm products arising from improper validation when processing fastboot commands to set the display mode, potentially leading to arbitrary code execution.

CVE-2026-24091 is a memory corruption vulnerability in Qualcomm devices that occurs when processing fastboot commands with improperly formatted input, potentially leading to code execution.

CVE-2026-24089 describes a memory corruption vulnerability in processing fastboot commands with invalid input, potentially leading to arbitrary code execution on affected devices and requiring physical access to trigger.

CVE-2026-24087 is a high-severity memory corruption vulnerability in Qualcomm components that occurs while processing fastboot OEM commands, potentially leading to code execution.

CVE-2026-24085 is a memory corruption vulnerability due to improper initialization of a variable when processing display command line information, potentially leading to a stack-based buffer overflow (CWE-121) and allowing a privileged attacker to achieve code execution.

CVE-2025-59605 is a memory corruption vulnerability in Qualcomm products where processing overly long device identifier strings leads to an out-of-bounds write, potentially allowing for information disclosure, code execution, or denial of service.

CVE-2025-59604 is a memory corruption vulnerability due to invalid writes caused by a null pointer when running a memory copy operation, potentially leading to arbitrary code execution, as reported by Qualcomm.

CVE-2026-42015 is a memory corruption vulnerability due to an off-by-one error in PKCS#12 bag handling in GnuTLS.

CVE-2026-42250 is an off-by-one vulnerability leading to an out-of-bounds write in bzip2, for which Microsoft has released information.

CVE-2026-46163 is a vulnerability in the b43legacy WiFi driver related to a missing bounds check on the firmware key index in the RX path, potentially leading to memory corruption.

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can trigger a memory corruption vulnerability (CVE-2026-7452) allowing arbitrary code execution in the context of the application.

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can trigger CVE-2026-7454, a memory corruption vulnerability allowing arbitrary code execution in the context of the current process.

CVE-2026-7451 is an out-of-bounds write vulnerability in Autodesk 3ds Max that can be exploited via a maliciously crafted TIF file, potentially leading to a crash, data corruption, or arbitrary code execution.

libbabl 0.1.62 contains a double free vulnerability, identified as CVE-2020-37239, that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks, potentially leading to memory corruption and code execution.

A remote memory corruption vulnerability exists in Linux ksmbd that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID, potentially leading to kernel instability, denial of service, or privilege escalation.

A remote, authenticated attacker can exploit multiple vulnerabilities in Asterisk's pjproject to cause denial-of-service or memory corruption, potentially leading to code execution or security bypass.

Pillow versions 10.3.0 through 12.1.1 are vulnerable to an out-of-bounds write in PSD image decoding/encoding due to an integer overflow when computing tile extent sums, potentially leading to arbitrary code execution.

A memory corruption vulnerability, CVE-2025-47408, exists in Qualcomm drivers when another driver calls an IOCTL with an invalid input/output buffer, potentially leading to code execution or denial of service.

CVE-2025-47407 describes a memory corruption vulnerability affecting the digital signal processor due to allocation failure at the kernel level, potentially leading to arbitrary code execution with elevated privileges on affected systems.

CVE-2026-5778 is an integer underflow vulnerability in the ChaCha decrypt path of an unspecified Microsoft product, leading to an out-of-bounds access issue.

CVE-2026-1005 is an integer underflow vulnerability in a Microsoft product that leads to out-of-bounds memory access during AES-GCM/CCM/ARIA-GCM decryption processes, potentially allowing for code execution or information disclosure.

CVE-2026-31478 is a vulnerability in Microsoft's ksmbd implementation related to incorrect calculation of maximum output buffer length, potentially leading to a denial-of-service or remote code execution.

CVE-2026-31507 is a double-free vulnerability in the net/smc module that occurs when the tee() function duplicates a splice pipe buffer, potentially leading to memory corruption and denial of service.

A sandbox escape vulnerability exists in Wasmtime versions 25.0.0 to 36.0.7, 37.0.0 to 42.0.2, and version 43.0.0 when using the Winch compiler backend on aarch64 architecture, potentially allowing a Wasm guest to access host memory outside its sandbox, leading to denial of service, data leaks, or remote code execution.

A memory corruption vulnerability exists in NI LabVIEW due to an out-of-bounds read in mgcore_SH_25_3!aligned_free(), potentially leading to information disclosure or arbitrary code execution if a user opens a specially crafted VI file.

A memory corruption vulnerability due to an out-of-bounds read in NI LabVIEW's `sentry_transaction_context_set_operation()` function could lead to information disclosure or arbitrary code execution by opening a specially crafted VI file.

A memory corruption vulnerability (CVE-2026-32862) in NI LabVIEW versions 2026 Q1 (26.1.0) and prior, stemming from an out-of-bounds write in ResFileFactory::InitResourceMgr(), can lead to information disclosure or arbitrary code execution if a user opens a malicious VI file.

A memory corruption vulnerability exists in NI LabVIEW due to an out-of-bounds write when loading a corrupted LVLIB file, potentially leading to information disclosure or arbitrary code execution if a user opens a specially crafted .lvlib file.

A memory corruption vulnerability exists in NI LabVIEW due to an out-of-bounds write when loading a corrupted LVCLASS file (CVE-2026-32861), potentially leading to information disclosure or arbitrary code execution if a user opens a specially crafted .lvclass file.

CVE-2026-21382 is a memory corruption vulnerability related to handling power management requests with improperly sized input/output buffers, potentially leading to code execution.

CVE-2026-21374 describes a memory corruption vulnerability due to insufficient buffer size validation when processing auxiliary sensor input/output control commands, potentially allowing a local attacker to execute arbitrary code with elevated privileges.

CVE-2026-21375 is a memory corruption vulnerability in Qualcomm chipsets due to insufficient output buffer size validation during IOCTL processing, potentially leading to arbitrary code execution.

A memory corruption vulnerability exists in Qualcomm camera sensor drivers due to insufficient output buffer size validation during IOCTL processing, potentially leading to arbitrary code execution.

A use-after-free vulnerability, identified as CVE-2026-21380, exists due to memory corruption when using deprecated DMABUF IOCTL calls for video memory management, potentially leading to arbitrary code execution.

A memory corruption vulnerability (CVE-2026-21378) exists in a camera sensor driver due to improper validation of output buffer size during IOCTL processing, potentially leading to arbitrary code execution.

CVE-2026-21371 is a memory corruption vulnerability due to insufficient size validation when retrieving an output buffer, potentially leading to information disclosure or arbitrary code execution on affected Qualcomm devices.

A memory corruption vulnerability (CVE-2026-21372) exists when processing IOCTL requests with invalid buffer sizes leading to a heap-based buffer overflow, reported by Qualcomm with a CVSS v3.1 score of 7.8.

CVE-2025-47392 describes a memory corruption vulnerability that occurs when decoding corrupted satellite data files with invalid signature offsets, reported by Qualcomm, Inc.

CVE-2025-47391 is a memory corruption vulnerability due to a stack-based buffer overflow (CWE-121) while processing a frame request, as detailed in the Qualcomm security bulletin for April 2026, potentially leading to arbitrary code execution.

A memory corruption vulnerability (CVE-2025-47390) exists while preprocessing IOCTL requests in the JPEG driver, potentially leading to local privilege escalation or denial of service.

CVE-2025-47389 describes a memory corruption vulnerability stemming from a buffer copy operation failure due to an integer overflow during the attestation report generation process, potentially leading to arbitrary code execution.

Unauthenticated attackers can exploit CVE-2026-3055 (out-of-bounds read) to exfiltrate sensitive data from NetScaler ADC and Gateway, while CVE-2026-4368 (race condition) enables user session hijacking, necessitating immediate patching and enhanced monitoring.

Firefox 148 and Thunderbird 148 contain memory safety bugs that could potentially be exploited to execute arbitrary code, impacting versions prior to 149.

A memory safety vulnerability (CVE-2026-4720) in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 could lead to memory corruption and potential arbitrary code execution if successfully exploited.

Multiple vulnerabilities in GStreamer allow a remote, anonymous attacker to cause a denial-of-service condition, memory corruption, and potentially execute arbitrary code.

A remote attacker can perform an out-of-bounds memory write on Google Chrome by exploiting an integer overflow in the Fonts component via a crafted HTML page in versions prior to 146.0.7680.165.

The rust-openssl package is vulnerable to an out-of-bounds write due to an incorrect bounds assertion in the `aes::unwrap_key()` function, potentially leading to arbitrary code execution if attacker-controlled buffer sizes are permitted.

CVE-2026-24082 is a use-after-free vulnerability in Qualcomm products that occurs when copying data from a freed source during a performance counter deselect operation, potentially leading to memory corruption and arbitrary code execution.

An integer overflow in the `smallbitvec` crate leads to an undersized heap allocation, enabling heap buffer overflows through safe APIs, affecting versions 1.0.1 through 2.6.0.

CVE-2025-47405 is a memory corruption vulnerability in Qualcomm products related to processing camera sensor input/output control codes with invalid output buffers, potentially leading to arbitrary code execution.