CWE-193
AllowedOff-by-one Error
Abstraction: Base · Status: Draft
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
255 vulnerabilities reference this CWE, most recent first.
GHSA-VH9P-H4P4-Q9VV
Vulnerability from github – Published: 2024-04-17 21:30 – Updated: 2025-06-09 18:32FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
{
"affected": [],
"aliases": [
"CVE-2024-31585"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T19:15:08Z",
"severity": "MODERATE"
},
"details": "FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"id": "GHSA-vh9p-h4p4-q9vv",
"modified": "2025-06-09T18:32:05Z",
"published": "2024-04-17T21:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31585"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/commit/3061bf668feffc7c1f0b244205167b3b86da8015"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
},
{
"type": "WEB",
"url": "https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06"
},
{
"type": "WEB",
"url": "https://gist.github.com/1047524396/dc2c64ffe0c3934a6176bcd2c5cf5656"
},
{
"type": "WEB",
"url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/aec67d3d7d2895bfea61aa1358d9d8e956f8615c..ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06:/libavfilter/avf_showspectrum.c"
},
{
"type": "WEB",
"url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/bf2d7b20ea1c7d15dcbaedd479f40295e5c83430..3061bf668feffc7c1f0b244205167b3b86da8015:/libavfilter/avf_showspectrum.c"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJ68-68X2-JWJQ
Vulnerability from github – Published: 2026-07-03 00:31 – Updated: 2026-07-03 00:31An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md->digest_roof < elemsof(md->digest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected.
{
"affected": [],
"aliases": [
"CVE-2026-12413"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-02T22:16:42Z",
"severity": "HIGH"
},
"details": "An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md-\u003edigest_roof \u003c elemsof(md-\u003edigest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected.",
"id": "GHSA-vj68-68x2-jwjq",
"modified": "2026-07-03T00:31:52Z",
"published": "2026-07-03T00:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12413"
},
{
"type": "WEB",
"url": "https://libreswan.org/security/CVE-2026-12413"
},
{
"type": "WEB",
"url": "https://libreswan.org/security/CVE-2026-12413/CVE-2026-12413.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJH8-WGCX-46J4
Vulnerability from github – Published: 2024-06-20 12:31 – Updated: 2024-08-19 18:32In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: fix off by one in BIOS boundary checking
Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte. This causes driver initialization to fail on Apple eMac's with GeForce 2 MX GPUs, leaving the system with no working console.
This is probably only seen on OpenFirmware machines like PowerPC Macs because the BIOS image provided by OF is only the used parts of the ROM, not a power-of-two blocks read from PCI directly so PCs always have empty bytes at the end that are never accessed.
{
"affected": [],
"aliases": [
"CVE-2022-48732"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-20T12:15:11Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix off by one in BIOS boundary checking\n\nBounds checking when parsing init scripts embedded in the BIOS reject\naccess to the last byte. This causes driver initialization to fail on\nApple eMac\u0027s with GeForce 2 MX GPUs, leaving the system with no working\nconsole.\n\nThis is probably only seen on OpenFirmware machines like PowerPC Macs\nbecause the BIOS image provided by OF is only the used parts of the ROM,\nnot a power-of-two blocks read from PCI directly so PCs always have\nempty bytes at the end that are never accessed.",
"id": "GHSA-vjh8-wgcx-46j4",
"modified": "2024-08-19T18:32:03Z",
"published": "2024-06-20T12:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48732"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/acc887ba88333f5fec49631f12d8cc7ebd95781c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b2a21669ee98aafc41c6d42ef15af4dab9e6e882"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4b746e60fd8eaa8016e144223abe91158edcdad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d877e814a62b7de9069aeff8bc1d979dfc996e06"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7c36fa8a1e63b08312162179c78a0c7795ea369"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f071d9fa857582d7bd77f4906691f73d3edeab73"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VPWH-45X6-9GJG
Vulnerability from github – Published: 2022-04-30 18:21 – Updated: 2024-02-15 21:31Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte.
{
"affected": [],
"aliases": [
"CVE-2002-1721"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-12-31T05:00:00Z",
"severity": "MODERATE"
},
"details": "Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte.",
"id": "GHSA-vpwh-45x6-9gjg",
"modified": "2024-02-15T21:31:22Z",
"published": "2022-04-30T18:21:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1721"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8992"
},
{
"type": "WEB",
"url": "http://www.pldaniels.com/altermime/CHANGELOG"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/4650"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVMC-4GQR-H5J4
Vulnerability from github – Published: 2024-10-21 12:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()
The psc->div[] array has psc->num_div elements. These values come from when we call clk_hw_register_div(). It's adc_divisors and ARRAY_SIZE(adc_divisors)) and so on. So this condition needs to be >= instead of > to prevent an out of bounds read.
{
"affected": [],
"aliases": [
"CVE-2024-47686"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T12:15:05Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()\n\nThe psc-\u003ediv[] array has psc-\u003enum_div elements. These values come from\nwhen we call clk_hw_register_div(). It\u0027s adc_divisors and\nARRAY_SIZE(adc_divisors)) and so on. So this condition needs to be \u003e=\ninstead of \u003e to prevent an out of bounds read.",
"id": "GHSA-vvmc-4gqr-h5j4",
"modified": "2025-11-04T00:31:36Z",
"published": "2024-10-21T12:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47686"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27f493e141823db052586010c1532b70b164507c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/66e78ade976dbd9bea09166aa8d66afc0963cde4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a5bd2fb92388c51d267f6ce57c40f1cca8af1e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ae59eaf36a1ad396e9f657ec9b8b52da6206ed5f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c7f06284a6427475e3df742215535ec3f6cd9662"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W3XR-26M4-XC8M
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.
{
"affected": [],
"aliases": [
"CVE-2020-29040"
],
"database_specific": {
"cwe_ids": [
"CWE-193",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-24T17:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.",
"id": "GHSA-w3xr-26m4-xc8m",
"modified": "2022-05-24T17:34:54Z",
"published": "2022-05-24T17:34:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29040"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-355.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/01/19/4"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-355.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W4HQ-62MQ-PF7G
Vulnerability from github – Published: 2022-05-14 02:11 – Updated: 2022-05-14 02:11Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document.
{
"affected": [],
"aliases": [
"CVE-2013-0897"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-02-23T21:55:00Z",
"severity": "MODERATE"
},
"details": "Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document.",
"id": "GHSA-w4hq-62mq-pf7g",
"modified": "2022-05-14T02:11:22Z",
"published": "2022-05-14T02:11:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0897"
},
{
"type": "WEB",
"url": "https://code.google.com/p/chromium/issues/detail?id=165537"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16153"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W52G-GMGW-X986
Vulnerability from github – Published: 2022-04-29 02:56 – Updated: 2024-02-16 21:31Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.
{
"affected": [],
"aliases": [
"CVE-2004-0005"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2004-03-03T05:00:00Z",
"severity": "HIGH"
},
"details": "Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.",
"id": "GHSA-w52g-gmgw-x986",
"modified": "2024-02-16T21:31:29Z",
"published": "2022-04-29T02:56:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0005"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14935"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14938"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14942"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14944"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/200401-04"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html"
},
{
"type": "WEB",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2"
},
{
"type": "WEB",
"url": "http://security.e-matters.de/advisories/012004.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2004/dsa-434"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/190366"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/226974"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/404470"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/655974"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2004_04_gaim.html"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/3736"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1008850"
},
{
"type": "WEB",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W5VH-2923-GP5C
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2025-10-22 00:32Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character:
{
"affected": [],
"aliases": [
"CVE-2021-3156"
],
"database_specific": {
"cwe_ids": [
"CWE-193",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-26T21:15:00Z",
"severity": "HIGH"
},
"details": "Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character:",
"id": "GHSA-w5vh-2923-gp5c",
"modified": "2025-10-22T00:32:02Z",
"published": "2022-05-24T17:40:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3156"
},
{
"type": "WEB",
"url": "https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156"
},
{
"type": "WEB",
"url": "https://www.synology.com/security/advisory/Synology_SA_21_02"
},
{
"type": "WEB",
"url": "https://www.sudo.ws/stable.html#1.9.5p2"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/794544"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4839"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3156"
},
{
"type": "WEB",
"url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212177"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210128-0002"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210128-0001"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10348"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Feb/42"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Jan/79"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/02/15/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W658-HXQ6-43MX
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-22 15:31A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial of service (DoS) or potentially information disclosure.
{
"affected": [],
"aliases": [
"CVE-2026-6861"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:17:07Z",
"severity": "MODERATE"
},
"details": "A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial of service (DoS) or potentially information disclosure.",
"id": "GHSA-w658-hxq6-43mx",
"modified": "2026-04-22T15:31:45Z",
"published": "2026-04-22T15:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6861"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-6861"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459992"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf().
No CAPEC attack patterns related to this CWE.