Vulnerabilities

425 via 1764 paths

Dependencies

413

Source

Group 6 Copy Created with Sketch. Docker

Target OS

debian:12
Test your Docker Hub image against our market leading vulnerability database Sign up for free
Severity
  • 4
  • 22
  • 19
  • 380
Status
  • 425
  • 0
  • 0

critical severity
new

SQL Injection

  • Vulnerable module: mariadb/libmariadb-dev
  • Introduced through: mariadb/libmariadb-dev@1:10.11.14-0+deb12u2, mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb3@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/mariadb-common@1:10.11.14-0+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream mariadb package and not the mariadb package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections, even though mysql_real_escape_string() was supposed to prevent them. This issue has been patched in versions 3.3.19 and 3.4.9.

Remediation

There is no fixed version for Debian:12 mariadb.

References

critical severity

Integer Overflow or Wraparound

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a variable-length integer from untrusted EXR input without bounding the shift count. After enough continuation bytes, the code executes a left shift by 70 on a 64-bit value, which is undefined behavior. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.

Remediation

There is no fixed version for Debian:12 openexr.

References

critical severity

Integer Overflow or Wraparound

  • Vulnerable module: zlib/zlib1g
  • Introduced through: zlib/zlib1g@1:1.2.13.dfsg-1 and zlib/zlib1g-dev@1:1.2.13.dfsg-1

Detailed paths

  • Introduced through: buildpack-deps@bookworm zlib/zlib1g@1:1.2.13.dfsg-1
  • Introduced through: buildpack-deps@bookworm zlib/zlib1g-dev@1:1.2.13.dfsg-1

NVD Description

Note: Versions mentioned in the description apply only to the upstream zlib package and not the zlib package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

Remediation

There is no fixed version for Debian:12 zlib.

References

critical severity

Out-of-bounds Read

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init() reconstructs strings from a prefix-compressed representation. If the previous string is longer than 255 bytes, the next string is expected to begin with a 2-byte prefix length. The code reads stringList[i][0] and stringList[i][1] without checking that the current string has at least two bytes. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.

Remediation

There is no fixed version for Debian:12 openexr.

References

high severity

Out-of-bounds Read

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the SampleAuxInfoReader constructor. The SampleAuxInfoReader constructor iterates over saiz->get_num_samples() samples but doesn't validate that this count is consistent with the number of chunks in the chunks vector. When saiz declares more samples than the chunks cover, the loop increments current_chunk past chunks.size(), causing an out-of-bounds read on the chunks vector. The vulnerability is triggered during file parsing (heif_context_read_from_file) without any additional user interaction. Any application using libheif to open untrusted HEIF files is affected. This issue has been fixed in version 1.22.0.

Remediation

There is no fixed version for Debian:12 libheif.

References

high severity
new

Directory Traversal

  • Vulnerable module: mariadb/libmariadb-dev
  • Introduced through: mariadb/libmariadb-dev@1:10.11.14-0+deb12u2, mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb3@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/mariadb-common@1:10.11.14-0+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream mariadb package and not the mariadb package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contain such paths, but a specially crafted archive could have caused mbstream to create files outside of the target-dir path. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.

Remediation

There is no fixed version for Debian:12 mariadb.

References

high severity

Out-of-bounds Read

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path operates in place, so this yields both out-of-bounds reads and out-of-bounds writes. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.

Remediation

There is no fixed version for Debian:12 openexr.

References

high severity

Out-of-bounds Write

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.

Remediation

There is no fixed version for Debian:12 openexr.

References

high severity
new

CVE-2026-56208

  • Vulnerable module: aom/libaom3
  • Introduced through: aom/libaom3@3.6.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm aom/libaom3@3.6.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream aom package and not the aom package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when g_lag_in_frames is set to 1 or higher. This results in a 232-byte out-of-bounds write on every encoded frame after the second, corrupting adjacent heap objects. An attacker who can influence encoder configuration in a transcoding service or WebRTC session could exploit this to cause a denial of service (process crash) or potentially achieve code execution.

Remediation

There is no fixed version for Debian:12 aom.

References

high severity

Algorithmic Complexity

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

Remediation

There is no fixed version for Debian:12 expat.

References

high severity
new

Integer Underflow

  • Vulnerable module: glib2.0/libglib2.0-0
  • Introduced through: glib2.0/libglib2.0-0@2.74.6-2+deb12u9, glib2.0/libglib2.0-bin@2.74.6-2+deb12u9 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-0@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-bin@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-data@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev-bin@2.74.6-2+deb12u9

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.

Remediation

There is no fixed version for Debian:12 glib2.0.

References

high severity

Heap-based Buffer Overflow

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libde265 package and not the libde265 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17.

Remediation

There is no fixed version for Debian:12 libde265.

References

high severity

Use of Uninitialized Resource

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data (information disclosure). This occurs under default settings; simply reading a malicious EXR file is sufficient to trigger the issue, without any user interaction. This issue has been patched in version 3.4.8.

Remediation

There is no fixed version for Debian:12 openexr.

References

high severity
new

Off-by-one Error

  • Vulnerable module: glib2.0/libglib2.0-0
  • Introduced through: glib2.0/libglib2.0-0@2.74.6-2+deb12u9, glib2.0/libglib2.0-bin@2.74.6-2+deb12u9 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-0@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-bin@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-data@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev-bin@2.74.6-2+deb12u9

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.

Remediation

There is no fixed version for Debian:12 glib2.0.

References

high severity

Heap-based Buffer Overflow

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write controlled data beyond the output heap buffer in any application that decodes EXR images. The write primitive is 2 bytes per overflow iteration or 4 bytes (by another path), repeating for each additional pixel past the overflow point. In this context, a heap write overflow can lead to remote code execution on systems. This issue has been patched in version 3.4.7.

Remediation

There is no fixed version for Debian:12 openexr.

References

high severity

Integer Overflow or Wraparound

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.

Remediation

There is no fixed version for Debian:12 openexr.

References

high severity
new

Heap-based Buffer Overflow

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow. This could potentially result in arbitrary code execution or a denial of service (DoS).

Remediation

There is no fixed version for Debian:12 tiff.

References

high severity
new

OS Command Injection

  • Vulnerable module: mariadb/libmariadb-dev
  • Introduced through: mariadb/libmariadb-dev@1:10.11.14-0+deb12u2, mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb3@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/mariadb-common@1:10.11.14-0+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream mariadb package and not the mariadb package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. Not all parameters were properly validated which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the rsync SST method. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.

Remediation

There is no fixed version for Debian:12 mariadb.

References

high severity
new

OS Command Injection

  • Vulnerable module: mariadb/libmariadb-dev
  • Introduced through: mariadb/libmariadb-dev@1:10.11.14-0+deb12u2, mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb3@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/mariadb-common@1:10.11.14-0+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream mariadb package and not the mariadb package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_donor global system variables to execute shell commands as the uid of the mariadbd process on the galera joiner node. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.

Remediation

There is no fixed version for Debian:12 mariadb.

References

high severity
new

Link Following

  • Vulnerable module: acl/libacl1
  • Introduced through: acl/libacl1@2.3.1-3

Detailed paths

  • Introduced through: buildpack-deps@bookworm acl/libacl1@2.3.1-3

NVD Description

Note: Versions mentioned in the description apply only to the upstream acl package and not the acl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who control any component of a pathname processed by a privileged caller can redirect ACL read or write operations to arbitrary files or directories, enabling unauthorized manipulation of access control lists and local privilege escalation.

Remediation

There is no fixed version for Debian:12 acl.

References

high severity
new

CVE-2026-56209

  • Vulnerable module: aom/libaom3
  • Introduced through: aom/libaom3@3.6.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm aom/libaom3@3.6.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream aom package and not the aom package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel values. The encoder then writes approximately 1,200 bytes at the attacker-controlled address. This is fully deterministic and does not require a separate information leak. An attacker who can supply frames to a network-facing libaom encoder with SVC enabled could exploit this for denial of service or potential code execution.

Remediation

There is no fixed version for Debian:12 aom.

References

high severity
new

CVE-2026-56210

  • Vulnerable module: aom/libaom3
  • Introduced through: aom/libaom3@3.6.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm aom/libaom3@3.6.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream aom package and not the aom package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setting a spatial_layer_id exceeding the configured number of layers. This causes an out-of-bounds heap read of approximately 40,728 bytes when computing a layer context array index. An attacker who can influence SVC encoder parameters in a network-facing service could exploit this for information disclosure (heap content leak) or denial of service (segmentation fault from hitting unmapped memory).

Remediation

There is no fixed version for Debian:12 aom.

References

high severity
new

CVE-2026-56211

  • Vulnerable module: aom/libaom3
  • Introduced through: aom/libaom3@3.6.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm aom/libaom3@3.6.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream aom package and not the aom package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer context structures. In fork-based video processing services, an attacker can use this to hijack the cyclic refresh map pointer, brute-force the process base address via a crash oracle, and redirect control flow to achieve arbitrary command execution. Exploitation requires the target service to use libaom with SVC encoding enabled and accept attacker-supplied video frames.

Remediation

There is no fixed version for Debian:12 aom.

References

high severity
new

Link Following

  • Vulnerable module: attr/libattr1
  • Introduced through: attr/libattr1@1:2.5.1-4

Detailed paths

  • Introduced through: buildpack-deps@bookworm attr/libattr1@1:2.5.1-4

NVD Description

Note: Versions mentioned in the description apply only to the upstream attr package and not the attr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component can redirect getfattr and setfattr operations to arbitrary files by substituting a symlink, leading to local privilege escalation when getfattr or setfattr is invoked by a privileged process over an attacker-controlled path.

Remediation

There is no fixed version for Debian:12 attr.

References

high severity

Integer Overflow or Wraparound

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internal_dwa_compressor.h:1722 performs curc-&gt;width * curc-&gt;height in int32 arithmetic without a (size_t) cast. This is the same overflow pattern fixed in other locations by the recent CVE-2026-34589 batch, but this line was missed. Versions 3.4.10, 3.3.10, and 3.2.8 contain a fix that addresses internal_dwa_compressor.h:1722.

Remediation

There is no fixed version for Debian:12 openexr.

References

high severity

Integer Overflow or Wraparound

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internal_dwa_compressor.h:1040 performs chan-&gt;width * chan-&gt;bytes_per_element in int32 arithmetic without a (size_t) cast. This is the same overflow pattern fixed in other decoders by CVE-2026-34589/34588/34544, but this line was missed. Versions 3.4.10, 3.3.10, and 3.2.8 contain a fix that addresses internal_dwa_compressor.h:1040.

Remediation

There is no fixed version for Debian:12 openexr.

References

medium severity
new

Use After Free

  • Vulnerable module: util-linux
  • Introduced through: util-linux@2.38.1-5+deb12u3, util-linux/bsdutils@1:2.38.1-5+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm util-linux@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/bsdutils@1:2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libsmartcols1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libuuid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/mount@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/util-linux-extra@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/uuid-dev@2.38.1-5+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream util-linux package and not the util-linux package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be reallocated, this pointer becomes stale, leading to a heap use-after-free read. An attacker who can present a crafted block device image (for example, via USB insertion or a loop-mounted disk image) can trigger this flaw without user interaction, as libblkid is invoked automatically by udev/udisks as root on block-device hot-plug events. This could lead to limited information disclosure or denial of service.

Remediation

There is no fixed version for Debian:12 util-linux.

References

medium severity
new

Buffer Over-read

  • Vulnerable module: glib2.0/libglib2.0-0
  • Introduced through: glib2.0/libglib2.0-0@2.74.6-2+deb12u9, glib2.0/libglib2.0-bin@2.74.6-2+deb12u9 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-0@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-bin@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-data@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev-bin@2.74.6-2+deb12u9

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.

Remediation

There is no fixed version for Debian:12 glib2.0.

References

medium severity
new

Buffer Over-read

  • Vulnerable module: glib2.0/libglib2.0-0
  • Introduced through: glib2.0/libglib2.0-0@2.74.6-2+deb12u9, glib2.0/libglib2.0-bin@2.74.6-2+deb12u9 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-0@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-bin@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-data@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev-bin@2.74.6-2+deb12u9

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.

Remediation

There is no fixed version for Debian:12 glib2.0.

References

medium severity
new

Buffer Over-read

  • Vulnerable module: glib2.0/libglib2.0-0
  • Introduced through: glib2.0/libglib2.0-0@2.74.6-2+deb12u9, glib2.0/libglib2.0-bin@2.74.6-2+deb12u9 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-0@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-bin@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-data@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev-bin@2.74.6-2+deb12u9

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the G_REGEX_RAW compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.

Remediation

There is no fixed version for Debian:12 glib2.0.

References

medium severity
new

Out-of-bounds Read

  • Vulnerable module: glib2.0/libglib2.0-0
  • Introduced through: glib2.0/libglib2.0-0@2.74.6-2+deb12u9, glib2.0/libglib2.0-bin@2.74.6-2+deb12u9 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-0@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-bin@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-data@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev-bin@2.74.6-2+deb12u9

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.

Remediation

There is no fixed version for Debian:12 glib2.0.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX), mapping all samples to an empty chunk and resulting in a denial of service. When any sample is accessed, the library reads from index 0 of an empty std::vector, causing a guaranteed SEGV (null-page read). The file parses successfully without producing an error; the crash occurs on the first frame access. This issue has been fixed in version 1.22.0.

Remediation

There is no fixed version for Debian:12 libheif.

References

medium severity
new

Out-of-bounds Read

  • Vulnerable module: libssh2/libssh2-1
  • Introduced through: libssh2/libssh2-1@1.10.0-3+b1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libssh2/libssh2-1@1.10.0-3+b1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh2 package and not the libssh2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSH_FXP_NAME response. Attackers can supply a link_len value larger than the actual packet data in SSH_FXP_NAME responses for SFTP READLINK and REALPATH operations, triggering a heap buffer over-read of up to target_len minus one bytes due to the missing validation of available packet buffer size before the memcpy operation.

Remediation

There is no fixed version for Debian:12 libssh2.

References

medium severity
new

Time-of-check Time-of-use (TOCTOU)

  • Vulnerable module: acl/libacl1
  • Introduced through: acl/libacl1@2.3.1-3

Detailed paths

  • Introduced through: buildpack-deps@bookworm acl/libacl1@2.3.1-3

NVD Description

Note: Versions mentioned in the description apply only to the upstream acl package and not the acl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat() check and subsequent symlink-following operations such as stat(), chown(), chmod(), acl_get_file(), and acl_set_file(). Attackers who control a pathname component can redirect file access control list operations to arbitrary files when getfacl, setfacl, or chacl is invoked by a privileged process over an attacker-controlled path, resulting in local privilege escalation.

Remediation

There is no fixed version for Debian:12 acl.

References

medium severity
new

Uncontrolled Recursion

  • Vulnerable module: p11-kit/libp11-kit0
  • Introduced through: p11-kit/libp11-kit0@0.24.1-2

Detailed paths

  • Introduced through: buildpack-deps@bookworm p11-kit/libp11-kit0@0.24.1-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream p11-kit package and not the p11-kit package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services.

Remediation

There is no fixed version for Debian:12 p11-kit.

References

medium severity

Use After Free

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,

Remediation

There is no fixed version for Debian:12 expat.

References

medium severity
new

CVE-2026-58015

  • Vulnerable module: glib2.0/libglib2.0-0
  • Introduced through: glib2.0/libglib2.0-0@2.74.6-2+deb12u9, glib2.0/libglib2.0-bin@2.74.6-2+deb12u9 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-0@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-bin@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-data@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev-bin@2.74.6-2+deb12u9

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.

Remediation

There is no fixed version for Debian:12 glib2.0.

References

medium severity
new

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: libssh2/libssh2-1
  • Introduced through: libssh2/libssh2-1@1.10.0-3+b1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libssh2/libssh2-1@1.10.0-3+b1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh2 package and not the libssh2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nr_extensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from _libssh2_get_string() are unchecked and the session timeout does not apply to CPU-bound loops.

Remediation

There is no fixed version for Debian:12 libssh2.

References

medium severity
new

HTTP Request Smuggling

  • Vulnerable module: nghttp2/libnghttp2-14
  • Introduced through: nghttp2/libnghttp2-14@1.52.0-1+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm nghttp2/libnghttp2-14@1.52.0-1+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream nghttp2 package and not the nghttp2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting ambiguous message in the attacker's favor enables HTTP request/response smuggling and cross-client response-queue poisoning.

Remediation

There is no fixed version for Debian:12 nghttp2.

References

medium severity
new

Memory Leak

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

medium severity
new

Incorrect Authorization

  • Vulnerable module: mariadb/libmariadb-dev
  • Introduced through: mariadb/libmariadb-dev@1:10.11.14-0+deb12u2, mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb3@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/mariadb-common@1:10.11.14-0+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream mariadb package and not the mariadb package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.

Remediation

There is no fixed version for Debian:12 mariadb.

References

medium severity

CVE-2025-12781

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues.

This behavior can only be insecure if your application uses an alternate base64 alphabet (without "+/"). If your application does not use the "altchars" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet.

The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted "+" or "/" outside of altchars.

Remediation

There is no fixed version for Debian:12 python3.11.

References

medium severity

Authentication Bypass

  • Vulnerable module: util-linux
  • Introduced through: util-linux@2.38.1-5+deb12u3, util-linux/bsdutils@1:2.38.1-5+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm util-linux@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/bsdutils@1:2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libsmartcols1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libuuid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/mount@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/util-linux-extra@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/uuid-dev@2.38.1-5+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream util-linux package and not the util-linux package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in util-linux. Improper hostname canonicalization in the login(1) utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAM_RHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.

Remediation

There is no fixed version for Debian:12 util-linux.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libde265 package and not the libde265 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay constant but Log2CtbSizeY changes, causing set_SliceHeaderIndex to index past the allocated image metadata array and write 2 bytes past the end of a heap allocation. This issue has been patched in version 1.0.17.

Remediation

There is no fixed version for Debian:12 libde265.

References

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.

Remediation

There is no fixed version for Debian:12 openexr.

References

low severity

Out-of-bounds Write

  • Vulnerable module: aom/libaom3
  • Introduced through: aom/libaom3@3.6.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm aom/libaom3@3.6.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream aom package and not the aom package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().

Remediation

There is no fixed version for Debian:12 aom.

References

low severity

Out-of-Bounds

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.36-9+deb12u14, glibc/libc-dev-bin@2.36-9+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glibc/libc-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc-dev-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6-dev@2.36-9+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

Remediation

There is no fixed version for Debian:12 glibc.

References

low severity

OS Command Injection

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

CVE-2026-8376

  • Vulnerable module: perl
  • Introduced through: perl@5.36.0-7+deb12u3, perl/libperl5.36@5.36.0-7+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm perl@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/libperl5.36@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-base@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-modules-5.36@5.36.0-7+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds.

Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer.

A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

Remediation

There is no fixed version for Debian:12 perl.

References

low severity

CVE-2005-2541

  • Vulnerable module: tar
  • Introduced through: tar@1.34+dfsg-1.2+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm tar@1.34+dfsg-1.2+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

Remediation

There is no fixed version for Debian:12 tar.

References

low severity

Out-of-bounds Write

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

Remediation

There is no fixed version for Debian:12 openexr.

References

low severity

CVE-2026-42496

  • Vulnerable module: perl
  • Introduced through: perl@5.36.0-7+deb12u3, perl/libperl5.36@5.36.0-7+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm perl@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/libperl5.36@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-base@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-modules-5.36@5.36.0-7+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory.

_make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target.

A subsequent open through the extracted name reads or writes the attacker chosen path.

Remediation

There is no fixed version for Debian:12 perl.

References

low severity

CVE-2025-7458

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.40.1-2+deb12u2 and sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-0@3.40.1-2+deb12u2
  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

Remediation

There is no fixed version for Debian:12 sqlite3.

References

low severity

Improper Encoding or Escaping of Output

  • Vulnerable module: git
  • Introduced through: git@1:2.39.5-0+deb12u3 and git/git-man@1:2.39.5-0+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm git@1:2.39.5-0+deb12u3
  • Introduced through: buildpack-deps@bookworm git/git-man@1:2.39.5-0+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.

Remediation

There is no fixed version for Debian:12 git.

References

low severity

CVE-2019-1010023

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.36-9+deb12u14, glibc/libc-dev-bin@2.36-9+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glibc/libc-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc-dev-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6-dev@2.36-9+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

Remediation

There is no fixed version for Debian:12 glibc.

References

low severity

CVE-2023-49463

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity

Out-of-Bounds

  • Vulnerable module: libwmf/libwmf-0.2-7
  • Introduced through: libwmf/libwmf-0.2-7@0.2.12-5.1, libwmf/libwmf-dev@0.2.12-5.1 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm libwmf/libwmf-0.2-7@0.2.12-5.1
  • Introduced through: buildpack-deps@bookworm libwmf/libwmf-dev@0.2.12-5.1
  • Introduced through: buildpack-deps@bookworm libwmf/libwmflite-0.2-7@0.2.12-5.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libwmf package and not the libwmf package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Remediation

There is no fixed version for Debian:12 libwmf.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

Out-of-Bounds

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

Out-of-bounds Write

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

Improper Certificate Validation

  • Vulnerable module: perl
  • Introduced through: perl@5.36.0-7+deb12u3, perl/libperl5.36@5.36.0-7+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm perl@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/libperl5.36@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-base@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-modules-5.36@5.36.0-7+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

Remediation

There is no fixed version for Debian:12 perl.

References

low severity

Heap-based Buffer Overflow

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: elfutils/libelf1
  • Introduced through: elfutils/libelf1@0.188-2.1

Detailed paths

  • Introduced through: buildpack-deps@bookworm elfutils/libelf1@0.188-2.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils package and not the elfutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 elfutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: elfutils/libelf1
  • Introduced through: elfutils/libelf1@0.188-2.1

Detailed paths

  • Introduced through: buildpack-deps@bookworm elfutils/libelf1@0.188-2.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils package and not the elfutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 elfutils.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity

Stack-based Buffer Overflow

  • Vulnerable module: ncurses/libncurses-dev
  • Introduced through: ncurses/libncurses-dev@6.4-4, ncurses/libncurses5-dev@6.4-4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm ncurses/libncurses-dev@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libncurses5-dev@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libncurses6@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libncursesw5-dev@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libncursesw6@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libtinfo6@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/ncurses-base@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/ncurses-bin@6.4-4

NVD Description

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.

Remediation

There is no fixed version for Debian:12 ncurses.

References

low severity
new

Heap-based Buffer Overflow

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.40.1-2+deb12u2 and sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-0@3.40.1-2+deb12u2
  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bounds read in fts5LeafSeek() via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate() through a crafted continuation page causing an integer underflow, exploitable when an FTS5 MATCH query is executed against the malicious database.

Remediation

There is no fixed version for Debian:12 sqlite3.

References

low severity
new

Heap-based Buffer Overflow

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.40.1-2+deb12u2 and sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-0@3.40.1-2+deb12u2
  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4. Attackers can trigger an integer underflow in fts5ChunkIterate() causing an inflated remaining byte count during FTS5 MATCH query processing, leading to a heap buffer overflow of attacker-controlled data in applications compiled with SQLITE_ENABLE_FTS5.

Remediation

There is no fixed version for Debian:12 sqlite3.

References

low severity

Out-of-Bounds

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Out-of-Bounds

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Out-of-Bounds

  • Vulnerable module: aom/libaom3
  • Introduced through: aom/libaom3@3.6.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm aom/libaom3@3.6.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream aom package and not the aom package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.

Remediation

There is no fixed version for Debian:12 aom.

References

low severity

CVE-2025-66864

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-66866

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-69649

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Double Free

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases".

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Cleartext Transmission of Sensitive Information

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

Server-Side Request Forgery (SSRF)

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers.

libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.

When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should.

This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

Out-of-Bounds

  • Vulnerable module: elfutils/libelf1
  • Introduced through: elfutils/libelf1@0.188-2.1

Detailed paths

  • Introduced through: buildpack-deps@bookworm elfutils/libelf1@0.188-2.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils package and not the elfutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 elfutils.

References

low severity

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

Remediation

There is no fixed version for Debian:12 expat.

References

low severity

Exposure of Resource to Wrong Sphere

  • Vulnerable module: git
  • Introduced through: git@1:2.39.5-0+deb12u3 and git/git-man@1:2.39.5-0+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm git@1:2.39.5-0+deb12u3
  • Introduced through: buildpack-deps@bookworm git/git-man@1:2.39.5-0+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.

Remediation

There is no fixed version for Debian:12 git.

References

low severity

Uncontrolled Recursion

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.36-9+deb12u14, glibc/libc-dev-bin@2.36-9+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glibc/libc-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc-dev-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6-dev@2.36-9+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.

Remediation

There is no fixed version for Debian:12 glibc.

References

low severity

Uncontrolled Recursion

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.36-9+deb12u14, glibc/libc-dev-bin@2.36-9+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glibc/libc-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc-dev-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6-dev@2.36-9+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern

Remediation

There is no fixed version for Debian:12 glibc.

References

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: harfbuzz/libharfbuzz0b
  • Introduced through: harfbuzz/libharfbuzz0b@6.0.0+dfsg-3

Detailed paths

  • Introduced through: buildpack-deps@bookworm harfbuzz/libharfbuzz0b@6.0.0+dfsg-3

NVD Description

Note: Versions mentioned in the description apply only to the upstream harfbuzz package and not the harfbuzz package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

Remediation

There is no fixed version for Debian:12 harfbuzz.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: krb5/krb5-multidev
  • Introduced through: krb5/krb5-multidev@1.20.1-2+deb12u5, krb5/libgssapi-krb5-2@1.20.1-2+deb12u5 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm krb5/krb5-multidev@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libgssapi-krb5-2@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libgssrpc4@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libk5crypto3@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkadm5clnt-mit12@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkadm5srv-mit12@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkdb5-10@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkrb5-3@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkrb5-dev@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkrb5support0@1.20.1-2+deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Remediation

There is no fixed version for Debian:12 krb5.

References

low severity

Use of a Broken or Risky Cryptographic Algorithm

  • Vulnerable module: libgcrypt20
  • Introduced through: libgcrypt20@1.10.1-3+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libgcrypt20@1.10.1-3+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Remediation

There is no fixed version for Debian:12 libgcrypt20.

References

low severity

Use of Uninitialized Variable

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexr_exrcheck_fuzzer, Valgrind reports a conditional branch depending on uninitialized data inside generic_unpack. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.

Remediation

There is no fixed version for Debian:12 openexr.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

Cryptographic Issues

  • Vulnerable module: openldap/libldap-2.5-0
  • Introduced through: openldap/libldap-2.5-0@2.5.13+dfsg-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openldap/libldap-2.5-0@2.5.13+dfsg-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

Remediation

There is no fixed version for Debian:12 openldap.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: openldap/libldap-2.5-0
  • Introduced through: openldap/libldap-2.5-0@2.5.13+dfsg-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openldap/libldap-2.5-0@2.5.13+dfsg-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Remediation

There is no fixed version for Debian:12 openldap.

References

low severity

Out-of-Bounds

  • Vulnerable module: openldap/libldap-2.5-0
  • Introduced through: openldap/libldap-2.5-0@2.5.13+dfsg-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openldap/libldap-2.5-0@2.5.13+dfsg-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

Remediation

There is no fixed version for Debian:12 openldap.

References

low severity

Double Free

  • Vulnerable module: patch
  • Introduced through: patch@2.7.6-7

Detailed paths

  • Introduced through: buildpack-deps@bookworm patch@2.7.6-7

NVD Description

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

Remediation

There is no fixed version for Debian:12 patch.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: patch
  • Introduced through: patch@2.7.6-7

Detailed paths

  • Introduced through: buildpack-deps@bookworm patch@2.7.6-7

NVD Description

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

Remediation

There is no fixed version for Debian:12 patch.

References

low severity

CVE-2026-42497

  • Vulnerable module: perl
  • Introduced through: perl@5.36.0-7+deb12u3, perl/libperl5.36@5.36.0-7+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm perl@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/libperl5.36@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-base@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-modules-5.36@5.36.0-7+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.

_make_special_file() passes the tar header's linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode.

A subsequent write through the extracted name modifies the victim file, and the post-extraction chmod, chown, and utime block in _extract_file() (guarded only against symlinks via -l) applies the tar header's mode, owner, and timestamps to the shared inode during extraction alone.

Remediation

There is no fixed version for Debian:12 perl.

References

low severity

CVE-2026-9538

  • Vulnerable module: perl
  • Introduced through: perl@5.36.0-7+deb12u3, perl/libperl5.36@5.36.0-7+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm perl@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/libperl5.36@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-base@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-modules-5.36@5.36.0-7+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.

_read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that value.

A crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size.

Remediation

There is no fixed version for Debian:12 perl.

References

low severity

CVE-2025-69534

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2026-3644

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2026-4224

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2026-7210

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Out-of-bounds Write

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

OS Command Injection

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:9.2p1-2+deb12u10

Detailed paths

  • Introduced through: buildpack-deps@bookworm openssh/openssh-client@1:9.2p1-2+deb12u10

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Remediation

There is no fixed version for Debian:12 openssh.

References

low severity

Numeric Errors

  • Vulnerable module: libssh2/libssh2-1
  • Introduced through: libssh2/libssh2-1@1.10.0-3+b1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libssh2/libssh2-1@1.10.0-3+b1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh2 package and not the libssh2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.

Remediation

There is no fixed version for Debian:12 libssh2.

References

low severity

CVE-2008-1687

  • Vulnerable module: m4
  • Introduced through: m4@1.4.19-3

Detailed paths

  • Introduced through: buildpack-deps@bookworm m4@1.4.19-3

NVD Description

Note: Versions mentioned in the description apply only to the upstream m4 package and not the m4 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.

Remediation

There is no fixed version for Debian:12 m4.

References

low severity

CVE-2008-1688

  • Vulnerable module: m4
  • Introduced through: m4@1.4.19-3

Detailed paths

  • Introduced through: buildpack-deps@bookworm m4@1.4.19-3

NVD Description

Note: Versions mentioned in the description apply only to the upstream m4 package and not the m4 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.

Remediation

There is no fixed version for Debian:12 m4.

References

low severity

Out-of-Bounds

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-bounds Read

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in HeifPixelImage::overlay(). The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted to size_t and is passed to memcpy, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images using iovl overlay boxes.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity

Inappropriate Encoding for Output Context

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:9.2p1-2+deb12u10

Detailed paths

  • Introduced through: buildpack-deps@bookworm openssh/openssh-client@1:9.2p1-2+deb12u10

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

Remediation

There is no fixed version for Debian:12 openssh.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.16.0-7, cairo/libcairo-script-interpreter2@1.16.0-7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm cairo/libcairo-gobject2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo-script-interpreter2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo2-dev@1.16.0-7

NVD Description

Note: Versions mentioned in the description apply only to the upstream cairo package and not the cairo package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

Remediation

There is no fixed version for Debian:12 cairo.

References

low severity

Out-of-bounds Write

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.16.0-7, cairo/libcairo-script-interpreter2@1.16.0-7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm cairo/libcairo-gobject2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo-script-interpreter2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo2-dev@1.16.0-7

NVD Description

Note: Versions mentioned in the description apply only to the upstream cairo package and not the cairo package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

Remediation

There is no fixed version for Debian:12 cairo.

References

low severity

Reachable Assertion

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.16.0-7, cairo/libcairo-script-interpreter2@1.16.0-7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm cairo/libcairo-gobject2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo-script-interpreter2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo2-dev@1.16.0-7

NVD Description

Note: Versions mentioned in the description apply only to the upstream cairo package and not the cairo package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.

Remediation

There is no fixed version for Debian:12 cairo.

References

low severity

Improper Input Validation

  • Vulnerable module: coreutils
  • Introduced through: coreutils@9.1-1

Detailed paths

  • Introduced through: buildpack-deps@bookworm coreutils@9.1-1

NVD Description

Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Remediation

There is no fixed version for Debian:12 coreutils.

References

low severity

Insufficient Session Expiration

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host.

libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.

When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials.

An application that first uses Negotiate authentication to a server with user1:password1 and then does another operation to the same server asking for any authentication method but for user2:password2 (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1...

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

Resource Exhaustion

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

Out-of-Bounds

  • Vulnerable module: jbigkit/libjbig-dev
  • Introduced through: jbigkit/libjbig-dev@2.1-6.1 and jbigkit/libjbig0@2.1-6.1

Detailed paths

  • Introduced through: buildpack-deps@bookworm jbigkit/libjbig-dev@2.1-6.1
  • Introduced through: buildpack-deps@bookworm jbigkit/libjbig0@2.1-6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream jbigkit package and not the jbigkit package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

Remediation

There is no fixed version for Debian:12 jbigkit.

References

low severity

CVE-2026-21968

  • Vulnerable module: mariadb/libmariadb-dev
  • Introduced through: mariadb/libmariadb-dev@1:10.11.14-0+deb12u2, mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb3@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/mariadb-common@1:10.11.14-0+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream mariadb package and not the mariadb package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Remediation

There is no fixed version for Debian:12 mariadb.

References

low severity

CVE-2023-50495

  • Vulnerable module: ncurses/libncurses-dev
  • Introduced through: ncurses/libncurses-dev@6.4-4, ncurses/libncurses5-dev@6.4-4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm ncurses/libncurses-dev@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libncurses5-dev@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libncurses6@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libncursesw5-dev@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libncursesw6@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libtinfo6@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/ncurses-base@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/ncurses-bin@6.4-4

NVD Description

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

Remediation

There is no fixed version for Debian:12 ncurses.

References

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

Out-of-Bounds

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

Divide By Zero

  • Vulnerable module: pixman/libpixman-1-0
  • Introduced through: pixman/libpixman-1-0@0.42.2-1 and pixman/libpixman-1-dev@0.42.2-1

Detailed paths

  • Introduced through: buildpack-deps@bookworm pixman/libpixman-1-0@0.42.2-1
  • Introduced through: buildpack-deps@bookworm pixman/libpixman-1-dev@0.42.2-1

NVD Description

Note: Versions mentioned in the description apply only to the upstream pixman package and not the pixman package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.

Remediation

There is no fixed version for Debian:12 pixman.

References

low severity

Improper Resource Shutdown or Release

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Resource Exhaustion

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Numeric Errors

  • Vulnerable module: libwmf/libwmf-0.2-7
  • Introduced through: libwmf/libwmf-0.2-7@0.2.12-5.1, libwmf/libwmf-dev@0.2.12-5.1 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm libwmf/libwmf-0.2-7@0.2.12-5.1
  • Introduced through: buildpack-deps@bookworm libwmf/libwmf-dev@0.2.12-5.1
  • Introduced through: buildpack-deps@bookworm libwmf/libwmflite-0.2-7@0.2.12-5.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libwmf package and not the libwmf package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

Remediation

There is no fixed version for Debian:12 libwmf.

References

low severity

Access Restriction Bypass

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:9.2p1-2+deb12u10

Detailed paths

  • Introduced through: buildpack-deps@bookworm openssh/openssh-client@1:9.2p1-2+deb12u10

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

Remediation

There is no fixed version for Debian:12 openssh.

References

low severity

Memory Leak

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.14+dfsg-1.3~deb12u5 and libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

Detailed paths

  • Introduced through: buildpack-deps@bookworm libxml2@2.9.14+dfsg-1.3~deb12u5
  • Introduced through: buildpack-deps@bookworm libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.

Remediation

There is no fixed version for Debian:12 libxml2.

References

low severity

Access Restriction Bypass

  • Vulnerable module: shadow/login
  • Introduced through: shadow/login@1:4.13+dfsg1-1+deb12u2 and shadow/passwd@1:4.13+dfsg1-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm shadow/login@1:4.13+dfsg1-1+deb12u2
  • Introduced through: buildpack-deps@bookworm shadow/passwd@1:4.13+dfsg1-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.

Remediation

There is no fixed version for Debian:12 shadow.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Improper Encoding or Escaping of Output

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

Out-of-bounds Read

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Out-of-bounds Read

  • Vulnerable module: util-linux
  • Introduced through: util-linux@2.38.1-5+deb12u3, util-linux/bsdutils@1:2.38.1-5+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm util-linux@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/bsdutils@1:2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libsmartcols1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libuuid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/mount@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/util-linux-extra@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/uuid-dev@2.38.1-5+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream util-linux package and not the util-linux package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Remediation

There is no fixed version for Debian:12 util-linux.

References

low severity

Open Redirect

  • Vulnerable module: wget
  • Introduced through: wget@1.21.3-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm wget@1.21.3-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream wget package and not the wget package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

Remediation

There is no fixed version for Debian:12 wget.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Race Condition

  • Vulnerable module: dav1d/libdav1d6
  • Introduced through: dav1d/libdav1d6@1.0.0-2+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm dav1d/libdav1d6@1.0.0-2+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream dav1d package and not the dav1d package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.

Remediation

There is no fixed version for Debian:12 dav1d.

References

low severity

Uncontrolled Recursion

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.14+dfsg-1.3~deb12u5 and libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

Detailed paths

  • Introduced through: buildpack-deps@bookworm libxml2@2.9.14+dfsg-1.3~deb12u5
  • Introduced through: buildpack-deps@bookworm libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.

Remediation

There is no fixed version for Debian:12 libxml2.

References

low severity

Information Exposure

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:9.2p1-2+deb12u10

Detailed paths

  • Introduced through: buildpack-deps@bookworm openssh/openssh-client@1:9.2p1-2+deb12u10

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

Remediation

There is no fixed version for Debian:12 openssh.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-69651

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Memory Leak

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to resolve this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Resource Exhaustion

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in the readelf utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the readelf utility becoming unresponsive or crashing, leading to a denial of service.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Unchecked Return Value

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Uncontrolled Recursion

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.16.0-7, cairo/libcairo-script-interpreter2@1.16.0-7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm cairo/libcairo-gobject2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo-script-interpreter2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo2-dev@1.16.0-7

NVD Description

Note: Versions mentioned in the description apply only to the upstream cairo package and not the cairo package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

Remediation

There is no fixed version for Debian:12 cairo.

References

low severity

Improper Resource Shutdown or Release

  • Vulnerable module: elfutils/libelf1
  • Introduced through: elfutils/libelf1@0.188-2.1

Detailed paths

  • Introduced through: buildpack-deps@bookworm elfutils/libelf1@0.188-2.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils package and not the elfutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 elfutils.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: elfutils/libelf1
  • Introduced through: elfutils/libelf1@0.188-2.1

Detailed paths

  • Introduced through: buildpack-deps@bookworm elfutils/libelf1@0.188-2.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils package and not the elfutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 elfutils.

References

low severity

Algorithmic Complexity

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity

Uncontrolled Recursion

  • Vulnerable module: gcc-12
  • Introduced through: gcc-12@12.2.0-14+deb12u1, gcc-12/cpp-12@12.2.0-14+deb12u1 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm gcc-12@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/cpp-12@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/g++-12@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/gcc-12-base@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/libasan8@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/libatomic1@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/libcc1-0@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/libgcc-12-dev@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/libgcc-s1@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/libgomp1@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/libitm1@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/liblsan0@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/libquadmath0@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/libstdc++-12-dev@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/libstdc++6@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/libtsan2@12.2.0-14+deb12u1
  • Introduced through: buildpack-deps@bookworm gcc-12/libubsan1@12.2.0-14+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

Remediation

There is no fixed version for Debian:12 gcc-12.

References

low severity

CVE-2005-0406

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

Out-of-Bounds

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

Out-of-bounds Read

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

Buffer Overflow

  • Vulnerable module: libpng1.6/libpng-dev
  • Introduced through: libpng1.6/libpng-dev@1.6.39-2+deb12u5 and libpng1.6/libpng16-16@1.6.39-2+deb12u5

Detailed paths

  • Introduced through: buildpack-deps@bookworm libpng1.6/libpng-dev@1.6.39-2+deb12u5
  • Introduced through: buildpack-deps@bookworm libpng1.6/libpng16-16@1.6.39-2+deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream libpng1.6 package and not the libpng1.6 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

Remediation

There is no fixed version for Debian:12 libpng1.6.

References

low severity

Expired Pointer Dereference

  • Vulnerable module: libxslt/libxslt1-dev
  • Introduced through: libxslt/libxslt1-dev@1.1.35-1+deb12u4 and libxslt/libxslt1.1@1.1.35-1+deb12u4

Detailed paths

  • Introduced through: buildpack-deps@bookworm libxslt/libxslt1-dev@1.1.35-1+deb12u4
  • Introduced through: buildpack-deps@bookworm libxslt/libxslt1.1@1.1.35-1+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxslt package and not the libxslt package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

Remediation

There is no fixed version for Debian:12 libxslt.

References

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.

Remediation

There is no fixed version for Debian:12 openexr.

References

low severity

Resource Exhaustion

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid

Remediation

There is no fixed version for Debian:12 openexr.

References

low severity

Release of Invalid Pointer or Reference

  • Vulnerable module: patch
  • Introduced through: patch@2.7.6-7

Detailed paths

  • Introduced through: buildpack-deps@bookworm patch@2.7.6-7

NVD Description

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

Remediation

There is no fixed version for Debian:12 patch.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.40.1-2+deb12u2 and sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-0@3.40.1-2+deb12u2
  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.

Remediation

There is no fixed version for Debian:12 sqlite3.

References

low severity

Unrestricted Upload of File with Dangerous Type

  • Vulnerable module: tar
  • Introduced through: tar@1.34+dfsg-1.2+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm tar@1.34+dfsg-1.2+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.

Remediation

There is no fixed version for Debian:12 tar.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Out-of-bounds Write

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Information Exposure

  • Vulnerable module: util-linux
  • Introduced through: util-linux@2.38.1-5+deb12u3, util-linux/bsdutils@1:2.38.1-5+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm util-linux@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/bsdutils@1:2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libsmartcols1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libuuid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/mount@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/util-linux-extra@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/uuid-dev@2.38.1-5+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream util-linux package and not the util-linux package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Remediation

There is no fixed version for Debian:12 util-linux.

References

low severity

Improper Validation of Specified Quantity in Input

  • Vulnerable module: zlib/zlib1g
  • Introduced through: zlib/zlib1g@1:1.2.13.dfsg-1 and zlib/zlib1g-dev@1:1.2.13.dfsg-1

Detailed paths

  • Introduced through: buildpack-deps@bookworm zlib/zlib1g@1:1.2.13.dfsg-1
  • Introduced through: buildpack-deps@bookworm zlib/zlib1g-dev@1:1.2.13.dfsg-1

NVD Description

Note: Versions mentioned in the description apply only to the upstream zlib package and not the zlib package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

Remediation

There is no fixed version for Debian:12 zlib.

References

low severity

Directory Traversal

  • Vulnerable module: patch
  • Introduced through: patch@2.7.6-7

Detailed paths

  • Introduced through: buildpack-deps@bookworm patch@2.7.6-7

NVD Description

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.

Remediation

There is no fixed version for Debian:12 patch.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Authentication Bypass

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Successfully using libcurl to do a transfer over a specific HTTP proxy (proxyA) with Digest authentication and then changing the proxy host to a second one (proxyB) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to proxyB.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

Cryptographic Issues

  • Vulnerable module: glib2.0/libglib2.0-0
  • Introduced through: glib2.0/libglib2.0-0@2.74.6-2+deb12u9, glib2.0/libglib2.0-bin@2.74.6-2+deb12u9 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-0@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-bin@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-data@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev@2.74.6-2+deb12u9
  • Introduced through: buildpack-deps@bookworm glib2.0/libglib2.0-dev-bin@2.74.6-2+deb12u9

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.

Remediation

There is no fixed version for Debian:12 glib2.0.

References

low severity

Information Exposure

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.36-9+deb12u14, glibc/libc-dev-bin@2.36-9+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glibc/libc-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc-dev-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6-dev@2.36-9+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

Remediation

There is no fixed version for Debian:12 glibc.

References

low severity

Use of Insufficiently Random Values

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.36-9+deb12u14, glibc/libc-dev-bin@2.36-9+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glibc/libc-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc-dev-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6-dev@2.36-9+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.

Remediation

There is no fixed version for Debian:12 glibc.

References

low severity

Reliance on Undefined

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

Resource Management Errors

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

Out-of-Bounds

  • Vulnerable module: libpng1.6/libpng-dev
  • Introduced through: libpng1.6/libpng-dev@1.6.39-2+deb12u5 and libpng1.6/libpng16-16@1.6.39-2+deb12u5

Detailed paths

  • Introduced through: buildpack-deps@bookworm libpng1.6/libpng-dev@1.6.39-2+deb12u5
  • Introduced through: buildpack-deps@bookworm libpng1.6/libpng16-16@1.6.39-2+deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream libpng1.6 package and not the libpng1.6 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Remediation

There is no fixed version for Debian:12 libpng1.6.

References

low severity

Resource Management Errors

  • Vulnerable module: libwmf/libwmf-0.2-7
  • Introduced through: libwmf/libwmf-0.2-7@0.2.12-5.1, libwmf/libwmf-dev@0.2.12-5.1 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm libwmf/libwmf-0.2-7@0.2.12-5.1
  • Introduced through: buildpack-deps@bookworm libwmf/libwmf-dev@0.2.12-5.1
  • Introduced through: buildpack-deps@bookworm libwmf/libwmflite-0.2-7@0.2.12-5.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libwmf package and not the libwmf package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.

Remediation

There is no fixed version for Debian:12 libwmf.

References

low severity

Use of Insufficiently Random Values

  • Vulnerable module: libxslt/libxslt1-dev
  • Introduced through: libxslt/libxslt1-dev@1.1.35-1+deb12u4 and libxslt/libxslt1.1@1.1.35-1+deb12u4

Detailed paths

  • Introduced through: buildpack-deps@bookworm libxslt/libxslt1-dev@1.1.35-1+deb12u4
  • Introduced through: buildpack-deps@bookworm libxslt/libxslt1.1@1.1.35-1+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxslt package and not the libxslt package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

Remediation

There is no fixed version for Debian:12 libxslt.

References

low severity

CVE-2016-20012

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:9.2p1-2+deb12u10

Detailed paths

  • Introduced through: buildpack-deps@bookworm openssh/openssh-client@1:9.2p1-2+deb12u10

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

Remediation

There is no fixed version for Debian:12 openssh.

References

low severity

Improper Authentication

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:9.2p1-2+deb12u10

Detailed paths

  • Introduced through: buildpack-deps@bookworm openssh/openssh-client@1:9.2p1-2+deb12u10

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

Remediation

There is no fixed version for Debian:12 openssh.

References

low severity

Information Exposure

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:9.2p1-2+deb12u10

Detailed paths

  • Introduced through: buildpack-deps@bookworm openssh/openssh-client@1:9.2p1-2+deb12u10

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Remediation

There is no fixed version for Debian:12 openssh.

References

low severity

Improper Validation of Integrity Check Value

  • Vulnerable module: systemd/libsystemd0
  • Introduced through: systemd/libsystemd0@252.39-1~deb12u2 and systemd/libudev1@252.39-1~deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm systemd/libsystemd0@252.39-1~deb12u2
  • Introduced through: buildpack-deps@bookworm systemd/libudev1@252.39-1~deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

Remediation

There is no fixed version for Debian:12 systemd.

References

low severity

Improper Validation of Integrity Check Value

  • Vulnerable module: systemd/libsystemd0
  • Introduced through: systemd/libsystemd0@252.39-1~deb12u2 and systemd/libudev1@252.39-1~deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm systemd/libsystemd0@252.39-1~deb12u2
  • Introduced through: buildpack-deps@bookworm systemd/libudev1@252.39-1~deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

Remediation

There is no fixed version for Debian:12 systemd.

References

low severity

Improper Validation of Integrity Check Value

  • Vulnerable module: systemd/libsystemd0
  • Introduced through: systemd/libsystemd0@252.39-1~deb12u2 and systemd/libudev1@252.39-1~deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm systemd/libsystemd0@252.39-1~deb12u2
  • Introduced through: buildpack-deps@bookworm systemd/libudev1@252.39-1~deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

Remediation

There is no fixed version for Debian:12 systemd.

References

low severity

Out-of-Bounds

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Heap-based Buffer Overflow

  • Vulnerable module: xz-utils
  • Introduced through: xz-utils@5.4.1-1, xz-utils/liblzma-dev@5.4.1-1 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm xz-utils@5.4.1-1
  • Introduced through: buildpack-deps@bookworm xz-utils/liblzma-dev@5.4.1-1
  • Introduced through: buildpack-deps@bookworm xz-utils/liblzma5@5.4.1-1

NVD Description

Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.

Remediation

There is no fixed version for Debian:12 xz-utils.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in binutils, specifically within the readelf utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Improper Input Validation

  • Vulnerable module: git
  • Introduced through: git@1:2.39.5-0+deb12u3 and git/git-man@1:2.39.5-0+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm git@1:2.39.5-0+deb12u3
  • Introduced through: buildpack-deps@bookworm git/git-man@1:2.39.5-0+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

Remediation

There is no fixed version for Debian:12 git.

References

low severity
new

Integer Underflow

  • Vulnerable module: krb5/krb5-multidev
  • Introduced through: krb5/krb5-multidev@1.20.1-2+deb12u5, krb5/libgssapi-krb5-2@1.20.1-2+deb12u5 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm krb5/krb5-multidev@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libgssapi-krb5-2@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libgssrpc4@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libk5crypto3@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkadm5clnt-mit12@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkadm5srv-mit12@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkdb5-10@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkrb5-3@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkrb5-dev@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkrb5support0@1.20.1-2+deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read. The attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.

Remediation

There is no fixed version for Debian:12 krb5.

References

low severity

Double Free

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Race Condition

  • Vulnerable module: coreutils
  • Introduced through: coreutils@9.1-1

Detailed paths

  • Introduced through: buildpack-deps@bookworm coreutils@9.1-1

NVD Description

Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

Remediation

There is no fixed version for Debian:12 coreutils.

References

low severity

Improper Resource Shutdown or Release

  • Vulnerable module: elfutils/libelf1
  • Introduced through: elfutils/libelf1@0.188-2.1

Detailed paths

  • Introduced through: buildpack-deps@bookworm elfutils/libelf1@0.188-2.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils package and not the elfutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 elfutils.

References

low severity

CVE-2025-30258

  • Vulnerable module: gnupg2/dirmngr
  • Introduced through: gnupg2/dirmngr@2.2.40-1.1+deb12u2, gnupg2/gnupg@2.2.40-1.1+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm gnupg2/dirmngr@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gnupg@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gnupg-l10n@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gnupg-utils@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg-agent@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg-wks-client@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg-wks-server@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpgconf@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpgsm@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpgv@2.2.40-1.1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

Remediation

There is no fixed version for Debian:12 gnupg2.

References

low severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: gnupg2/dirmngr
  • Introduced through: gnupg2/dirmngr@2.2.40-1.1+deb12u2, gnupg2/gnupg@2.2.40-1.1+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm gnupg2/dirmngr@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gnupg@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gnupg-l10n@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gnupg-utils@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg-agent@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg-wks-client@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg-wks-server@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpgconf@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpgsm@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpgv@2.2.40-1.1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

Remediation

There is no fixed version for Debian:12 gnupg2.

References

low severity

Improper Initialization

  • Vulnerable module: openldap/libldap-2.5-0
  • Introduced through: openldap/libldap-2.5-0@2.5.13+dfsg-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openldap/libldap-2.5-0@2.5.13+dfsg-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as demonstrated by openldap-initscript.

Remediation

There is no fixed version for Debian:12 openldap.

References

low severity

Insecure Storage of Sensitive Information

  • Vulnerable module: pam/libpam-modules
  • Introduced through: pam/libpam-modules@1.5.2-6+deb12u2, pam/libpam-modules-bin@1.5.2-6+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm pam/libpam-modules@1.5.2-6+deb12u2
  • Introduced through: buildpack-deps@bookworm pam/libpam-modules-bin@1.5.2-6+deb12u2
  • Introduced through: buildpack-deps@bookworm pam/libpam-runtime@1.5.2-6+deb12u2
  • Introduced through: buildpack-deps@bookworm pam/libpam0g@1.5.2-6+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Remediation

There is no fixed version for Debian:12 pam.

References

low severity

Stack-based Buffer Overflow

  • Vulnerable module: coreutils
  • Introduced through: coreutils@9.1-1

Detailed paths

  • Introduced through: buildpack-deps@bookworm coreutils@9.1-1

NVD Description

Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

Remediation

There is no fixed version for Debian:12 coreutils.

References

low severity

Link Following

  • Vulnerable module: systemd/libsystemd0
  • Introduced through: systemd/libsystemd0@252.39-1~deb12u2 and systemd/libudev1@252.39-1~deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm systemd/libsystemd0@252.39-1~deb12u2
  • Introduced through: buildpack-deps@bookworm systemd/libudev1@252.39-1~deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

Remediation

There is no fixed version for Debian:12 systemd.

References

low severity

Resource Management Errors

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.36-9+deb12u14, glibc/libc-dev-bin@2.36-9+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glibc/libc-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc-dev-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6-dev@2.36-9+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

Remediation

There is no fixed version for Debian:12 glibc.

References

low severity

Improper Input Validation

  • Vulnerable module: gnutls28/libgnutls30
  • Introduced through: gnutls28/libgnutls30@3.7.9-2+deb12u7

Detailed paths

  • Introduced through: buildpack-deps@bookworm gnutls28/libgnutls30@3.7.9-2+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Remediation

There is no fixed version for Debian:12 gnutls28.

References

low severity

Numeric Errors

  • Vulnerable module: libwmf/libwmf-0.2-7
  • Introduced through: libwmf/libwmf-0.2-7@0.2.12-5.1, libwmf/libwmf-dev@0.2.12-5.1 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm libwmf/libwmf-0.2-7@0.2.12-5.1
  • Introduced through: buildpack-deps@bookworm libwmf/libwmf-dev@0.2.12-5.1
  • Introduced through: buildpack-deps@bookworm libwmf/libwmflite-0.2-7@0.2.12-5.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libwmf package and not the libwmf package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.

Remediation

There is no fixed version for Debian:12 libwmf.

References

low severity

Information Exposure

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:9.2p1-2+deb12u10

Detailed paths

  • Introduced through: buildpack-deps@bookworm openssh/openssh-client@1:9.2p1-2+deb12u10

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.

Remediation

There is no fixed version for Debian:12 openssh.

References

low severity

Memory Leak

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.40.1-2+deb12u2 and sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-0@3.40.1-2+deb12u2
  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.

Remediation

There is no fixed version for Debian:12 sqlite3.

References

low severity

Improper Certificate Validation

  • Vulnerable module: openldap/libldap-2.5-0
  • Introduced through: openldap/libldap-2.5-0@2.5.13+dfsg-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openldap/libldap-2.5-0@2.5.13+dfsg-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.

Remediation

There is no fixed version for Debian:12 openldap.

References

low severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: apt
  • Introduced through: apt@2.6.1 and apt/libapt-pkg6.0@2.6.1

Detailed paths

  • Introduced through: buildpack-deps@bookworm apt@2.6.1
  • Introduced through: buildpack-deps@bookworm apt/libapt-pkg6.0@2.6.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream apt package and not the apt package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

Remediation

There is no fixed version for Debian:12 apt.

References

low severity

Memory Leak

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity
new

Memory Leak

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Memory Leak

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Out-of-bounds Read

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byte.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Out-of-bounds Read

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Reusing a Nonce

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Use After Free

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

Uncontrolled Recursion

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.14+dfsg-1.3~deb12u5 and libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

Detailed paths

  • Introduced through: buildpack-deps@bookworm libxml2@2.9.14+dfsg-1.3~deb12u5
  • Introduced through: buildpack-deps@bookworm libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

Remediation

There is no fixed version for Debian:12 libxml2.

References

low severity

Memory Leak

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-bounds Write

  • Vulnerable module: gnupg2/dirmngr
  • Introduced through: gnupg2/dirmngr@2.2.40-1.1+deb12u2, gnupg2/gnupg@2.2.40-1.1+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm gnupg2/dirmngr@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gnupg@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gnupg-l10n@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gnupg-utils@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg-agent@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg-wks-client@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg-wks-server@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpgconf@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpgsm@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpgv@2.2.40-1.1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

Remediation

There is no fixed version for Debian:12 gnupg2.

References

low severity
new

Directory Traversal

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Integer Overflow or Wraparound

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Out-of-bounds Read

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of service or potential code execution.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Out-of-bounds Read

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

Out-of-Bounds

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called b97c8b5f198b27f375127cd597a35f2113544d03. It is advisable to implement a patch to correct this issue.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity

Improper Resource Shutdown or Release

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.14+dfsg-1.3~deb12u5 and libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

Detailed paths

  • Introduced through: buildpack-deps@bookworm libxml2@2.9.14+dfsg-1.3~deb12u5
  • Introduced through: buildpack-deps@bookworm libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."

Remediation

There is no fixed version for Debian:12 libxml2.

References

low severity

Out-of-Bounds

  • Vulnerable module: ncurses/libncurses-dev
  • Introduced through: ncurses/libncurses-dev@6.4-4, ncurses/libncurses5-dev@6.4-4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm ncurses/libncurses-dev@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libncurses5-dev@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libncurses6@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libncursesw5-dev@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libncursesw6@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/libtinfo6@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/ncurses-base@6.4-4
  • Introduced through: buildpack-deps@bookworm ncurses/ncurses-bin@6.4-4

NVD Description

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.

Remediation

There is no fixed version for Debian:12 ncurses.

References

low severity

Link Following

  • Vulnerable module: perl
  • Introduced through: perl@5.36.0-7+deb12u3, perl/libperl5.36@5.36.0-7+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm perl@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/libperl5.36@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-base@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-modules-5.36@5.36.0-7+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

_is_safe in the File::Temp module for Perl does not properly handle symlinks.

Remediation

There is no fixed version for Debian:12 perl.

References

low severity

Out-of-bounds Write

  • Vulnerable module: procps
  • Introduced through: procps@2:4.0.2-3 and procps/libproc2-0@2:4.0.2-3

Detailed paths

  • Introduced through: buildpack-deps@bookworm procps@2:4.0.2-3
  • Introduced through: buildpack-deps@bookworm procps/libproc2-0@2:4.0.2-3

NVD Description

Note: Versions mentioned in the description apply only to the upstream procps package and not the procps package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

Remediation

There is no fixed version for Debian:12 procps.

References

low severity

CVE-2025-13462

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2026-4519

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

Incorrect Resource Transfer Between Spheres

  • Vulnerable module: systemd/libsystemd0
  • Introduced through: systemd/libsystemd0@252.39-1~deb12u2 and systemd/libudev1@252.39-1~deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm systemd/libsystemd0@252.39-1~deb12u2
  • Introduced through: buildpack-deps@bookworm systemd/libudev1@252.39-1~deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.

Remediation

There is no fixed version for Debian:12 systemd.

References

low severity

Out-of-Bounds

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Out-of-bounds Write

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: unzip
  • Introduced through: unzip@6.0-28

Detailed paths

  • Introduced through: buildpack-deps@bookworm unzip@6.0-28

NVD Description

Note: Versions mentioned in the description apply only to the upstream unzip package and not the unzip package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

Remediation

There is no fixed version for Debian:12 unzip.

References

low severity

Memory Leak

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Memory Leak

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Memory Leak

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Memory Leak

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Access of Resource Using Incompatible Type ('Type Confusion')

  • Vulnerable module: libxslt/libxslt1-dev
  • Introduced through: libxslt/libxslt1-dev@1.1.35-1+deb12u4 and libxslt/libxslt1.1@1.1.35-1+deb12u4

Detailed paths

  • Introduced through: buildpack-deps@bookworm libxslt/libxslt1-dev@1.1.35-1+deb12u4
  • Introduced through: buildpack-deps@bookworm libxslt/libxslt1.1@1.1.35-1+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxslt package and not the libxslt package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

Remediation

There is no fixed version for Debian:12 libxslt.

References

low severity

Resource Exhaustion

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.14+dfsg-1.3~deb12u5 and libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

Detailed paths

  • Introduced through: buildpack-deps@bookworm libxml2@2.9.14+dfsg-1.3~deb12u5
  • Introduced through: buildpack-deps@bookworm libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

Remediation

There is no fixed version for Debian:12 libxml2.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity

Improper Resource Shutdown or Release

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Improper Resource Shutdown or Release

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity

Memory Leak

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue. A researcher disputes the security impact of this issue, because "this is a memory leak on a command line tool that is about to exit anyway". In the reply the project maintainer declares this issue as "a simple 'bug' when leaving the command line tool and (...) not a security issue at all".

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity
new

Memory Leak

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

CVE-2024-53589

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2024-57360

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: nm --without-symbol-version function.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-66861

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-66862

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-66863

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-66865

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-69644

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-69645

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-69646

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-69647

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-69648

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

CVE-2025-69652

  • Vulnerable module: binutils
  • Introduced through: binutils@2.40-2, binutils/binutils-common@2.40-2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm binutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-common@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/binutils-x86-64-linux-gnu@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libbinutils@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf-nobfd0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libctf0@2.40-2
  • Introduced through: buildpack-deps@bookworm binutils/libgprofng0@2.40-2

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.

Remediation

There is no fixed version for Debian:12 binutils.

References

low severity

Out-of-bounds Write

  • Vulnerable module: bzip2/bzip2
  • Introduced through: bzip2/bzip2@1.0.8-5+b1, bzip2/libbz2-1.0@1.0.8-5+b1 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm bzip2/bzip2@1.0.8-5+b1
  • Introduced through: buildpack-deps@bookworm bzip2/libbz2-1.0@1.0.8-5+b1
  • Introduced through: buildpack-deps@bookworm bzip2/libbz2-dev@1.0.8-5+b1

NVD Description

Note: Versions mentioned in the description apply only to the upstream bzip2 package and not the bzip2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service).

This issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67

Remediation

There is no fixed version for Debian:12 bzip2.

References

low severity

Reachable Assertion

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.16.0-7, cairo/libcairo-script-interpreter2@1.16.0-7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm cairo/libcairo-gobject2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo-script-interpreter2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo2@1.16.0-7
  • Introduced through: buildpack-deps@bookworm cairo/libcairo2-dev@1.16.0-7

NVD Description

Note: Versions mentioned in the description apply only to the upstream cairo package and not the cairo package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.

Remediation

There is no fixed version for Debian:12 cairo.

References

low severity

Buffer Overflow

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

CVE-2025-10148

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection.

A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

CVE-2025-10966

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.

This prevents curl from detecting MITM attackers and more.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

CVE-2025-14017

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers.

Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

CVE-2025-14819

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

CVE-2025-15079

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

CVE-2025-15224

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity
new

CVE-2026-10536

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPT_STREAM_DEPENDS or CURLOPT_STREAM_DEPENDS_E, subsequently invokes curl_easy_reset(), and finally terminates the handle with curl_easy_cleanup(). During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity
new

CVE-2026-11856

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Successfully using libcurl to do a transfer to a specific HTTP origin (hostA) with Digest authentication and then changing the origin to a different one (hostB) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity
new

CVE-2026-12064

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When a user invokes curl using a schemeless URL combined with --proto-default sftp (or scp), a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS. Conversely, the libcurl runtime successfully honors CURLOPT_DEFAULT_PROTOCOL and establishes the connection via SFTP/SCP as specified. Because the tool layer skipped the security configuration, these SSH host verification options are silently omitted, causing curl to connect to an unverified SSH remote host without throwing an error.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

CVE-2026-1965

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.

libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.

When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates connections and not requests, contrary to how HTTP is designed to work.

An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with user1:password1 and then does another operation to the same server also using Negotiate but with user2:password2 (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1...

The set of authentication methods to use is set with CURLOPT_HTTPAUTH.

Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: CURLOPT_FRESH_CONNECT, CURLOPT_MAXCONNECTS and CURLMOPT_MAX_HOST_CONNECTIONS (if using the curl_multi API).

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

CVE-2026-3783

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances.

If the hostname that the first request is redirected to has information in the used .netrc file, with either of the machine or default keywords, curl would pass on the bearer token set for the first host also to the second one.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

CVE-2026-3784

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

CVE-2026-6429

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity
new

CVE-2026-8286

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity
new

CVE-2026-8458

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'.

libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.

When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different services.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity
new

CVE-2026-8924

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity
new

CVE-2026-8927

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed through proxyB erroneously leaks the Proxy-Authorization: header intended solely for proxyA.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity
new

CVE-2026-8932

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse.

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS settings related to client certificates were left out from the configuration match checks, making them match too easily. In particular options related to the private key.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity
new

CVE-2026-9547

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPT_SSH_KEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the known_hosts file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

Improper Certificate Validation

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmit data unencrypted.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

Improper Certificate Validation

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

Insufficiently Protected Credentials

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

curl might erroneously pass on credentials for a first proxy to a second proxy.

This can happen when the following conditions are true:

  1. curl is setup to use specific different proxies for different URL schemes
  2. the first proxy needs credentials
  3. the second proxy uses no credentials
  4. while using the first proxy (using say http://), curl is asked to follow a redirect to a URL using another scheme (say https://), accessed using a second, different, proxy

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

Open Redirect

  • Vulnerable module: curl
  • Introduced through: curl@7.88.1-10+deb12u14, curl/libcurl3-gnutls@7.88.1-10+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm curl@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl3-gnutls@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4@7.88.1-10+deb12u14
  • Introduced through: buildpack-deps@bookworm curl/libcurl4-openssl-dev@7.88.1-10+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

Remediation

There is no fixed version for Debian:12 curl.

References

low severity

CVE-2024-25260

  • Vulnerable module: elfutils/libelf1
  • Introduced through: elfutils/libelf1@0.188-2.1

Detailed paths

  • Introduced through: buildpack-deps@bookworm elfutils/libelf1@0.188-2.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils package and not the elfutils package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.

Remediation

There is no fixed version for Debian:12 elfutils.

References

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity
new

Incorrect Synchronization

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity

Insufficient Entropy

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity
new

Integer Overflow or Wraparound

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.8.2 has an integer overflow in copyString.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity
new

Integer Overflow or Wraparound

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity
new

Integer Overflow or Wraparound

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity
new

Integer Overflow or Wraparound

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity
new

Integer Overflow or Wraparound

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.8.2 has an integer overflow in getAttributeId.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity
new

Integer Overflow or Wraparound

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity
new

Integer Overflow or Wraparound

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.8.2 has an integer overflow in addBinding.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity
new

Integer Overflow or Wraparound

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.8.2 has an integer overflow in storeAtts.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity
new

Integer Overflow or Wraparound

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity
new

Use After Free

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).

Remediation

There is no fixed version for Debian:12 expat.

References

low severity
new

Use After Free

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.5.0-1+deb12u2 and expat/libexpat1-dev@2.5.0-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm expat/libexpat1@2.5.0-1+deb12u2
  • Introduced through: buildpack-deps@bookworm expat/libexpat1-dev@2.5.0-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.

Remediation

There is no fixed version for Debian:12 expat.

References

low severity

CVE-2026-5435

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.36-9+deb12u14, glibc/libc-dev-bin@2.36-9+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glibc/libc-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc-dev-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6-dev@2.36-9+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

Remediation

There is no fixed version for Debian:12 glibc.

References

low severity

CVE-2026-5928

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.36-9+deb12u14, glibc/libc-dev-bin@2.36-9+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glibc/libc-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc-dev-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6-dev@2.36-9+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.

A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.

Remediation

There is no fixed version for Debian:12 glibc.

References

low severity

CVE-2026-6238

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.36-9+deb12u14, glibc/libc-dev-bin@2.36-9+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glibc/libc-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc-dev-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6-dev@2.36-9+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.

These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.

Remediation

There is no fixed version for Debian:12 glibc.

References

low severity

Out-of-bounds Write

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.36-9+deb12u14, glibc/libc-dev-bin@2.36-9+deb12u14 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm glibc/libc-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc-dev-bin@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6@2.36-9+deb12u14
  • Introduced through: buildpack-deps@bookworm glibc/libc6-dev@2.36-9+deb12u14

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

Remediation

There is no fixed version for Debian:12 glibc.

References

low severity
new

CVE-2026-57062

  • Vulnerable module: gnupg2/dirmngr
  • Introduced through: gnupg2/dirmngr@2.2.40-1.1+deb12u2, gnupg2/gnupg@2.2.40-1.1+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm gnupg2/dirmngr@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gnupg@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gnupg-l10n@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gnupg-utils@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg-agent@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg-wks-client@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpg-wks-server@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpgconf@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpgsm@2.2.40-1.1+deb12u2
  • Introduced through: buildpack-deps@bookworm gnupg2/gpgv@2.2.40-1.1+deb12u2

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 gnupg2.

References

low severity

Integer Underflow

  • Vulnerable module: graphite2/libgraphite2-3
  • Introduced through: graphite2/libgraphite2-3@1.3.14-1

Detailed paths

  • Introduced through: buildpack-deps@bookworm graphite2/libgraphite2-3@1.3.14-1

NVD Description

Note: Versions mentioned in the description apply only to the upstream graphite2 package and not the graphite2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.

Remediation

There is no fixed version for Debian:12 graphite2.

References

low severity
new

Buffer Over-read

  • Vulnerable module: gzip
  • Introduced through: gzip@1.12-1

Detailed paths

  • Introduced through: buildpack-deps@bookworm gzip@1.12-1

NVD Description

Note: Versions mentioned in the description apply only to the upstream gzip package and not the gzip package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression routines and is not reinitialized between files processed in the same invocation. By decompressing a specially crafted LZW file followed by a specially crafted LZH file in a single gzip -d command, an attacker can poison the shared global state and subsequently trigger an out‑of‑bounds read in the LZH decoder. The LZH decompression logic follows stale values left in the shared array, causing reads past the end of the allocated global buffer.

This issue has been fixed in the commit 63dbf6b3b9e6e781df1a6a64e609b10e23969681

Remediation

There is no fixed version for Debian:12 gzip.

References

low severity
new

Insecure Temporary File

  • Vulnerable module: gzip
  • Introduced through: gzip@1.12-1

Detailed paths

  • Introduced through: buildpack-deps@bookworm gzip@1.12-1

NVD Description

Note: Versions mentioned in the description apply only to the upstream gzip package and not the gzip package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without exclusive access or existence checks. A local attacker can pre‑create the predicted temporary file path as a symbolic link pointing to an arbitrary file writable by the victim. When gzexe runs, it follows the symlink and overwrites the target file, resulting in a time‑of‑check to time‑of‑use (TOCTOU) condition that allows arbitrary file overwrite.

This issue has been fixed in the commit 4e6f8b24ab823146ab8776f0b7fe486ab34d4269

Remediation

There is no fixed version for Debian:12 gzip.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: harfbuzz/libharfbuzz0b
  • Introduced through: harfbuzz/libharfbuzz0b@6.0.0+dfsg-3

Detailed paths

  • Introduced through: buildpack-deps@bookworm harfbuzz/libharfbuzz0b@6.0.0+dfsg-3

NVD Description

Note: Versions mentioned in the description apply only to the upstream harfbuzz package and not the harfbuzz package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.

Remediation

There is no fixed version for Debian:12 harfbuzz.

References

low severity
new

CVE-2026-53466

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

CVE-2026-55628

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Improper Check for Unusual or Exceptional Conditions

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Incorrect Calculation

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Information Exposure

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Resource Exhaustion

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity
new

Resource Exhaustion

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm imagemagick@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1.6+deb12u11
  • Introduced through: buildpack-deps@bookworm imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1.6+deb12u11

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

Remediation

There is no fixed version for Debian:12 imagemagick.

References

low severity

CVE-2024-26461

  • Vulnerable module: krb5/krb5-multidev
  • Introduced through: krb5/krb5-multidev@1.20.1-2+deb12u5, krb5/libgssapi-krb5-2@1.20.1-2+deb12u5 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm krb5/krb5-multidev@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libgssapi-krb5-2@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libgssrpc4@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libk5crypto3@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkadm5clnt-mit12@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkadm5srv-mit12@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkdb5-10@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkrb5-3@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkrb5-dev@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkrb5support0@1.20.1-2+deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

Remediation

There is no fixed version for Debian:12 krb5.

References

low severity

Memory Leak

  • Vulnerable module: krb5/krb5-multidev
  • Introduced through: krb5/krb5-multidev@1.20.1-2+deb12u5, krb5/libgssapi-krb5-2@1.20.1-2+deb12u5 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm krb5/krb5-multidev@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libgssapi-krb5-2@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libgssrpc4@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libk5crypto3@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkadm5clnt-mit12@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkadm5srv-mit12@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkdb5-10@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkrb5-3@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkrb5-dev@1.20.1-2+deb12u5
  • Introduced through: buildpack-deps@bookworm krb5/libkrb5support0@1.20.1-2+deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

Remediation

There is no fixed version for Debian:12 krb5.

References

low severity

CVE-2025-29070

  • Vulnerable module: lcms2/liblcms2-2
  • Introduced through: lcms2/liblcms2-2@2.14-2+deb12u1 and lcms2/liblcms2-dev@2.14-2+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm lcms2/liblcms2-2@2.14-2+deb12u1
  • Introduced through: buildpack-deps@bookworm lcms2/liblcms2-dev@2.14-2+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream lcms2 package and not the lcms2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A heap buffer overflow vulnerability has been identified in thesmooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because "this is not exploitable as this function is never called on normal color management, is there only as a helper for low-level programming and investigation."

Remediation

There is no fixed version for Debian:12 lcms2.

References

low severity
new

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libde265 package and not the libde265 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decoder_context::read_slice_NAL() (libde265/decctx.cc:481) to attach slice headers to a finished picture object that has no active image unit, resulting in attacker-controlled unbounded heap growth. The retained headers are never freed until the picture is released, which may not happen during continuous streaming. Version 1.0.20 patches the issue.

Remediation

There is no fixed version for Debian:12 libde265.

References

low severity

CVE-2023-51792

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libde265 package and not the libde265 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.

Remediation

There is no fixed version for Debian:12 libde265.

References

low severity

CVE-2024-38949

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libde265 package and not the libde265 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc

Remediation

There is no fixed version for Debian:12 libde265.

References

low severity

CVE-2024-38950

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libde265 package and not the libde265 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function.

Remediation

There is no fixed version for Debian:12 libde265.

References

low severity

CVE-2025-61147

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libde265 package and not the libde265 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().

Remediation

There is no fixed version for Debian:12 libde265.

References

low severity
new

CVE-2026-45382

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libde265.

References

low severity
new

CVE-2026-45383

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libde265.

References

low severity
new

CVE-2026-54240

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libde265.

References

low severity
new

CVE-2026-54241

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libde265.

References

low severity
new

Integer Overflow or Wraparound

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libde265 package and not the libde265 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265_image_get_buffer() (libde265/image.cc:128). The overflow wraps the plane allocation size to a small value (~1 KB), but the subsequent fill_image() call computes the real size using size_t, writing ~4 GB into the undersized heap buffer. Version 1.1.0 patches the issue.

Remediation

There is no fixed version for Debian:12 libde265.

References

low severity
new

Out-of-bounds Write

  • Vulnerable module: libde265/libde265-0
  • Introduced through: libde265/libde265-0@1.0.11-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm libde265/libde265-0@1.0.11-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libde265 package and not the libde265 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decoder_context::process_reference_picture_set() (libde265/decctx.cc:1376). The root cause is a missing aggregate bound check on predicted short-term reference picture set entries. Individual list sizes are validated, but the combined count after predicted RPS construction can exceed the 16-entry PocStFoll array, writing at index 16. Version 1.0.20 patches the issue.

Remediation

There is no fixed version for Debian:12 libde265.

References

low severity

Covert Timing Channel

  • Vulnerable module: libgcrypt20
  • Introduced through: libgcrypt20@1.10.1-3+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libgcrypt20@1.10.1-3+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

Remediation

There is no fixed version for Debian:12 libgcrypt20.

References

low severity

CVE-2024-25269

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity

CVE-2026-41069

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 (creating no chunks) while still passing validation because saio.entry_count == 0 matches, but with saiz.sample_count > 0 the SampleAuxInfoReader constructor still enters its loop. This leads to an out-of-bounds dereference on the empty chunks[0] in chunked mode.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity
new

CVE-2026-47178

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity
new

CVE-2026-47247

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity
new

CVE-2026-47251

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity
new

CVE-2026-47254

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity
new

CVE-2026-47709

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity
new

CVE-2026-47714

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity
new

CVE-2026-48029

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity
new

CVE-2026-50142

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity

Heap-based Buffer Overflow

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the function copies the full iloc extent data into a pixel buffer using memcpy(dst, data.data(), data.size()). The copy length data.size() is determined by the iloc extent in the file (attacker-controlled), while the destination buffer is sized based on the declared image dimensions. Because no upper-bound check exists on the data length, a crafted file whose iloc extent exceeds the pixel buffer allocation overflows the heap. The vulnerable single-memcpy branch is reached when the mskC property specifies bits_per_pixel = 8 and the ispe property declares an even width ≥ 64 (so that stride == width), with no changes to default security limits or external codec plugins required. This issue has been fixed in version 1.22.0.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity

Information Exposure

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns heif_error_Ok with no indication of failure, leading to an uninitialized heap memory information leak. The canvas is allocated via create_clone_image_at_new_size() → plane.alloc() → new (std::nothrow) uint8_t[allocation_size] which does not zero the memory; only the alpha plane is explicitly initialized via fill_plane(), so the Y, Cb, and Cr planes contain whatever was previously at that heap address. The failed tile's region of the canvas is never written. It retains uninitialized heap data that is delivered to the caller as decoded pixel values (4,096 bytes per Y/Cb/Cr plane = 12,288+ bytes total). Any application using libheif to decode grid-based HEIF/AVIF files with default settings is vulnerable: a crafted .heic or .avif file causes 4,096+ bytes of heap memory to appear as pixel values in the decoded image, and the calling application receives heif_error_Ok, so it has no indication the output contains heap garbage. In server-side image processing, an uploaded crafted HEIF decoded and re-encoded (e.g., as PNG/JPEG for thumbnails, CDN, social media) can leak cross-user data such as auth tokens, database results, and other users' image data. This issue has been fixed in version 1.22.0.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and is triggered during file open (parsing) - before any user interaction or image decoding. The process stays alive (no crash, no error logged), making it invisible to crash-based monitoring. This issue has been fixed in version 1.22.0.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity

Out-of-bounds Read

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When compositing an overlay image (iovl) whose child image has a different bit depth for the alpha channel than for the color channels, the function indexes into the alpha plane using the color channel stride (in_stride) instead of the previously retrieved alpha_stride, causing reads past the end of the alpha buffer (up to 3,123 bytes for a 100×50 image with 10-bit color and 8-bit alpha). A crafted HEIF file can exploit this to cause a denial of service (crash) or potentially disclose adjacent heap memory through leaked bytes embedded in the decoded output pixels. This issue has been fixed in versionThis issue has been fixed in version 1.22.0.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity
new

Out-of-bounds Read

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector from iterators outside the compressed item buffer, producing an out-of-bounds heap read and crash. Version 1.22.1 patches the issue.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity

Out-of-bounds Write

  • Vulnerable module: libheif/libheif1
  • Introduced through: libheif/libheif1@1.15.1-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libheif/libheif1@1.15.1-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libheif package and not the libheif package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by crafting a HEIF/AVIF file with a 1×4 grid of odd-height tiles. The overflow is triggered during normal image decoding with default build configuration. The written bytes are chroma (Cb/Cr) pixel values from the attacking tile, giving the attacker full control over the overflow content. This issue has been fixed in version 1.22.0.

Remediation

There is no fixed version for Debian:12 libheif.

References

low severity

CVE-2025-28162

  • Vulnerable module: libpng1.6/libpng-dev
  • Introduced through: libpng1.6/libpng-dev@1.6.39-2+deb12u5 and libpng1.6/libpng16-16@1.6.39-2+deb12u5

Detailed paths

  • Introduced through: buildpack-deps@bookworm libpng1.6/libpng-dev@1.6.39-2+deb12u5
  • Introduced through: buildpack-deps@bookworm libpng1.6/libpng16-16@1.6.39-2+deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream libpng1.6 package and not the libpng1.6 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive

Remediation

There is no fixed version for Debian:12 libpng1.6.

References

low severity

Memory Leak

  • Vulnerable module: libpng1.6/libpng-dev
  • Introduced through: libpng1.6/libpng-dev@1.6.39-2+deb12u5 and libpng1.6/libpng16-16@1.6.39-2+deb12u5

Detailed paths

  • Introduced through: buildpack-deps@bookworm libpng1.6/libpng-dev@1.6.39-2+deb12u5
  • Introduced through: buildpack-deps@bookworm libpng1.6/libpng16-16@1.6.39-2+deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream libpng1.6 package and not the libpng1.6 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.

Remediation

There is no fixed version for Debian:12 libpng1.6.

References

low severity
new

CVE-2026-55200

  • Vulnerable module: libssh2/libssh2-1
  • Introduced through: libssh2/libssh2-1@1.10.0-3+b1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libssh2/libssh2-1@1.10.0-3+b1

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 libssh2.

References

low severity

Out-of-bounds Write

  • Vulnerable module: libtasn1-6
  • Introduced through: libtasn1-6@4.19.0-2+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm libtasn1-6@4.19.0-2+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libtasn1-6 package and not the libtasn1-6 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

Remediation

There is no fixed version for Debian:12 libtasn1-6.

References

low severity
new

CVE-2026-6653

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.14+dfsg-1.3~deb12u5 and libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

Detailed paths

  • Introduced through: buildpack-deps@bookworm libxml2@2.9.14+dfsg-1.3~deb12u5
  • Introduced through: buildpack-deps@bookworm libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.

Remediation

There is no fixed version for Debian:12 libxml2.

References

low severity
new

Stack-based Buffer Overflow

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.14+dfsg-1.3~deb12u5 and libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

Detailed paths

  • Introduced through: buildpack-deps@bookworm libxml2@2.9.14+dfsg-1.3~deb12u5
  • Introduced through: buildpack-deps@bookworm libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u5

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow internal buffers (command, arg, and argv) during input parsing. This results in memory corruption within the stack frame. Successful exploitation may cause a crash or potentially allow arbitrary code execution in the context of the xmlcatalog process.

This issue has been fixed in the commit c2e233fc.

NOTE: The maintainers of this project did not agree that this issue is a vulnerability and considered it a bug.

Remediation

There is no fixed version for Debian:12 libxml2.

References

low severity

Directory Traversal

  • Vulnerable module: mariadb/libmariadb-dev
  • Introduced through: mariadb/libmariadb-dev@1:10.11.14-0+deb12u2, mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb3@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/mariadb-common@1:10.11.14-0+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream mariadb package and not the mariadb package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.

Remediation

There is no fixed version for Debian:12 mariadb.

References

low severity
new

Incorrect Authorization

  • Vulnerable module: mariadb/libmariadb-dev
  • Introduced through: mariadb/libmariadb-dev@1:10.11.14-0+deb12u2, mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb3@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/mariadb-common@1:10.11.14-0+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream mariadb package and not the mariadb package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been patched in versions 11.4.11, 11.8.7, and 12.3.2.

Remediation

There is no fixed version for Debian:12 mariadb.

References

low severity
new

OS Command Injection

  • Vulnerable module: mariadb/libmariadb-dev
  • Introduced through: mariadb/libmariadb-dev@1:10.11.14-0+deb12u2, mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb3@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/mariadb-common@1:10.11.14-0+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream mariadb package and not the mariadb package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrep_notify_cmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2. As a workaround, anyone who cannot upgrade now should disable wsrep_notify_cmd.

Remediation

There is no fixed version for Debian:12 mariadb.

References

low severity
new

OS Command Injection

  • Vulnerable module: mariadb/libmariadb-dev
  • Introduced through: mariadb/libmariadb-dev@1:10.11.14-0+deb12u2, mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb-dev-compat@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/libmariadb3@1:10.11.14-0+deb12u2
  • Introduced through: buildpack-deps@bookworm mariadb/mariadb-common@1:10.11.14-0+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream mariadb package and not the mariadb package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. Not all parameters were properly validated which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the mariabackup SST method. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.

Remediation

There is no fixed version for Debian:12 mariadb.

References

low severity

CVE-2024-31047

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.

Remediation

There is no fixed version for Debian:12 openexr.

References

low severity

Heap-based Buffer Overflow

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27946.

Remediation

There is no fixed version for Debian:12 openexr.

References

low severity

Heap-based Buffer Overflow

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27948.

Remediation

There is no fixed version for Debian:12 openexr.

References

low severity

Heap-based Buffer Overflow

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27947.

Remediation

There is no fixed version for Debian:12 openexr.

References

low severity

Incorrect Type Conversion or Cast

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF→FLOAT conversion by casting an unaligned uint8_t * row pointer to float * and writing through it. Because the row buffer may not be 4-byte aligned, this constitutes undefined behavior under the C standard and crashes immediately on architectures that enforce alignment (ARM, RISC-V, etc.). On x86 it is silently tolerated at runtime but remains exploitable via compiler optimizations that assume aligned access. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.

Remediation

There is no fixed version for Debian:12 openexr.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undo_pxr24_impl() in src/lib/OpenEXRCore/internal_pxr24.c at line 377. The expression (uint64_t)(w * 3) computes w * 3 as a signed 32-bit integer before casting to uint64_t. When w is large, this multiplication constitutes undefined behavior under the C standard. On tested builds (clang/gcc without sanitizers), two's-complement wraparound commonly occurs, and for specific values of w the wrapped result is a small positive integer, which may allow the subsequent bounds check to pass incorrectly. If the check is bypassed, the decoding loop proceeds to write pixel data through dout, potentially extending far beyond the allocated output buffer. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.

Remediation

There is no fixed version for Debian:12 openexr.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: openexr/libopenexr-3-1-30
  • Introduced through: openexr/libopenexr-3-1-30@3.1.5-5 and openexr/libopenexr-dev@3.1.5-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-3-1-30@3.1.5-5
  • Introduced through: buildpack-deps@bookworm openexr/libopenexr-dev@3.1.5-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads to heap OOB write via OpenEXRUtil public API. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.

Remediation

There is no fixed version for Debian:12 openexr.

References

low severity

Resource Exhaustion

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

Resource Exhaustion

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

Resource Exhaustion

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.5.0-2+deb12u3 and openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

Detailed paths

  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7@2.5.0-2+deb12u3
  • Introduced through: buildpack-deps@bookworm openjpeg2/libopenjp2-7-dev@2.5.0-2+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.

Remediation

There is no fixed version for Debian:12 openjpeg2.

References

low severity

Out-of-bounds Read

  • Vulnerable module: openldap/libldap-2.5-0
  • Introduced through: openldap/libldap-2.5-0@2.5.13+dfsg-5

Detailed paths

  • Introduced through: buildpack-deps@bookworm openldap/libldap-2.5-0@2.5.13+dfsg-5

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.

Remediation

There is no fixed version for Debian:12 openldap.

References

low severity

CVE-2025-27587

  • Vulnerable module: openssl
  • Introduced through: openssl@3.0.20-1~deb12u2, openssl/libssl-dev@3.0.20-1~deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm openssl@3.0.20-1~deb12u2
  • Introduced through: buildpack-deps@bookworm openssl/libssl-dev@3.0.20-1~deb12u2
  • Introduced through: buildpack-deps@bookworm openssl/libssl3@3.0.20-1~deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.

Remediation

There is no fixed version for Debian:12 openssl.

References

low severity
new

CVE-2026-42767

  • Vulnerable module: openssl
  • Introduced through: openssl@3.0.20-1~deb12u2, openssl/libssl-dev@3.0.20-1~deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm openssl@3.0.20-1~deb12u2
  • Introduced through: buildpack-deps@bookworm openssl/libssl-dev@3.0.20-1~deb12u2
  • Introduced through: buildpack-deps@bookworm openssl/libssl3@3.0.20-1~deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application.

Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service.

An attacker controlling a CMP server (or acting as a man-in-the-middle) could craft a CMP response containing a CRMF (Certificate Request Message Format) CertRepMessage with an EncryptedValue structure where the symmAlg field has an algorithm OID but no parameters field. When the OpenSSL CMP client processes this response, the NULL dereference occurs, causing a crash of the CMP client.

Applications that process untrusted CMP/CRMF messages may be affected.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Remediation

There is no fixed version for Debian:12 openssl.

References

low severity
new

CVE-2026-54411

  • Vulnerable module: pam/libpam-modules
  • Introduced through: pam/libpam-modules@1.5.2-6+deb12u2, pam/libpam-modules-bin@1.5.2-6+deb12u2 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm pam/libpam-modules@1.5.2-6+deb12u2
  • Introduced through: buildpack-deps@bookworm pam/libpam-modules-bin@1.5.2-6+deb12u2
  • Introduced through: buildpack-deps@bookworm pam/libpam-runtime@1.5.2-6+deb12u2
  • Introduced through: buildpack-deps@bookworm pam/libpam0g@1.5.2-6+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.

Remediation

There is no fixed version for Debian:12 pam.

References

low severity

CVE-2025-15649

  • Vulnerable module: perl
  • Introduced through: perl@5.36.0-7+deb12u3, perl/libperl5.36@5.36.0-7+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm perl@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/libperl5.36@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-base@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-modules-5.36@5.36.0-7+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date.

_dosToUnixTime() decodes the local-file-header last-modification date field and calls Time::Local::timelocal() without an eval guard. A header whose date field decodes to an out-of-range month, day, or hour causes timelocal() to die.

The exception propagates out of IO::Uncompress::Unzip->new($file) where callers expect undef plus $UnzipError.

Remediation

There is no fixed version for Debian:12 perl.

References

low severity
new

CVE-2026-12087

  • Vulnerable module: perl
  • Introduced through: perl@5.36.0-7+deb12u3, perl/libperl5.36@5.36.0-7+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm perl@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/libperl5.36@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-base@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-modules-5.36@5.36.0-7+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Socket versions before 2.041 for Perl have an out-of-bounds heap read.

In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer.

Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.

Remediation

There is no fixed version for Debian:12 perl.

References

low severity

CVE-2026-48959

  • Vulnerable module: perl
  • Introduced through: perl@5.36.0-7+deb12u3, perl/libperl5.36@5.36.0-7+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm perl@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/libperl5.36@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-base@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-modules-5.36@5.36.0-7+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward.

fastForward() compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration.

Extracting a named entry from an attacker supplied zip via IO::Uncompress::Unzip->new($zip, Name => $target) drives a per-byte read loop scaling with the entry's compressed size, up to the non-Zip64 4 GiB cap.

Remediation

There is no fixed version for Debian:12 perl.

References

low severity

CVE-2026-48961

  • Vulnerable module: perl
  • Introduced through: perl@5.36.0-7+deb12u3, perl/libperl5.36@5.36.0-7+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm perl@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/libperl5.36@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-base@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-modules-5.36@5.36.0-7+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID.

When decode_ux() in bin/zipdetails handles an Info-ZIP Unix Extra Field (tag 0x7875) with UID Size or GID Size set to 8, causing zipdetails to decode an 8-byte UID or GID value, it dispatches through decodeLitteEndian(), which calls a misnamed helper unpackValueQ. The actual function defined in the same file is unpackValue_Q (with underscore); the call raises 'Undefined subroutine &main::unpackValueQ' and the script exits with status 255.

Library callers of IO::Compress and IO::Uncompress are not affected; the defect is in the bundled CLI tool.

Remediation

There is no fixed version for Debian:12 perl.

References

low severity

CVE-2026-48962

  • Vulnerable module: perl
  • Introduced through: perl@5.36.0-7+deb12u3, perl/libperl5.36@5.36.0-7+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm perl@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/libperl5.36@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-base@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-modules-5.36@5.36.0-7+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.

_parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored expression through eval STRING. A literal double quote in the output glob closes the dquote wrapper, and the characters that follow are evaluated as Perl.

Arbitrary Perl in the output glob executes at the calling process's privilege.

Remediation

There is no fixed version for Debian:12 perl.

References

low severity

CVE-2026-7010

  • Vulnerable module: perl
  • Introduced through: perl@5.36.0-7+deb12u3, perl/libperl5.36@5.36.0-7+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm perl@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/libperl5.36@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-base@5.36.0-7+deb12u3
  • Introduced through: buildpack-deps@bookworm perl/perl-modules-5.36@5.36.0-7+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values.

The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values.

An attacker who controls one of these inputs, for example a user supplied URL passed to a webhook or URL fetch endpoint, can inject additional headers and smuggle requests to the upstream server.

Remediation

There is no fixed version for Debian:12 perl.

References

low severity

CVE-2025-15366

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2025-15367

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity
new

CVE-2026-0864

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity
new

CVE-2026-11940

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself.  The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower path, letting a relative target the filter judged contained escape the destination directory.  This allowed a malicious tar archive to create a symlink pointing outside the destination, enabling out-of-destination file reads or writes. This was an incomplete fix of CVE-2025-4330.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity
new

CVE-2026-11972

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity
new

CVE-2026-12003

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python assumes it is running in a source tree and generates a different default sys.path. This code remains in release builds, so that release-ready builds can be built in-tree.

On Windows, since builds are written to 'PCbuild/', the value of VPATH is set to '....', which results in a landmark of '....\Modules\setup.local'. This path is outside the install directory of Python, and may have different permissions, potentially allowing a low-privilege user to create the landmark and an alternative Lib folder that will be discovered by an otherwise restricted install.

Such a setup occurs with the legacy default install location for all users (in the now superseded EXE installer), due to how Windows allows all users to create folders in the root directory of their OS drive.

Our recommended mitigation on Windows is to migrate away from the legacy installer and use the new Python install manager to install for the current user. Installs where the directory two levels above the Python installation directory have equivalent permissions are unaffected (in general, a per-user install cannot be modified at all by other users, removing any escalation of privilege risk, and could be directly modified by a privileged user, making the potential tampering irrelevant). Alternative mitigations might include preemptively creating and restricting access to a Modules directory. Be aware that only 3.13 and 3.14 will receive updated legacy installers - earlier fixes are only provided as sources.

Platforms other than Windows allow VPATH to be overridden, but as they don't usually use a separated directory in the build for binaries, are unlikely to have a landmark reference outside of the install directory.

The landmark detection involving VPATH is a fallback for when a more specific landmark - .\pybuilddir.txt - is absent, and was included for compatibility. Future releases of Python will no longer include the fallback, and so builds will need to generate or preserve the pybuilddir.txt file in order to work in-tree. This landmark file has been generated on Windows since 3.11, and on other platforms for longer.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2026-1502

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2026-2297

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2026-3276

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2026-3446

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use "validate=True" to enable stricter processing of base64 data.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2026-3479

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model.

pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity
new

CVE-2026-4360

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2026-6100

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Use-after-free (UAF) was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.

The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a MemoryError is raised during decompression. Using the helper functions to one-shot decompress data such as lzma.decompress(), bz2.decompress(), gzip.decompress(), and zlib.decompress() are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2026-7774

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2026-8328

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity
new

CVE-2026-9669

  • Vulnerable module: python3.11
  • Introduced through: python3.11@3.11.2-6+deb12u7, python3.11/libpython3.11-minimal@3.11.2-6+deb12u7 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm python3.11@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-minimal@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/libpython3.11-stdlib@3.11.2-6+deb12u7
  • Introduced through: buildpack-deps@bookworm python3.11/python3.11-minimal@3.11.2-6+deb12u7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.

Remediation

There is no fixed version for Debian:12 python3.11.

References

low severity

CVE-2024-56433

  • Vulnerable module: shadow/login
  • Introduced through: shadow/login@1:4.13+dfsg1-1+deb12u2 and shadow/passwd@1:4.13+dfsg1-1+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm shadow/login@1:4.13+dfsg1-1+deb12u2
  • Introduced through: buildpack-deps@bookworm shadow/passwd@1:4.13+dfsg1-1+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.

Remediation

There is no fixed version for Debian:12 shadow.

References

low severity

CVE-2025-70873

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.40.1-2+deb12u2 and sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-0@3.40.1-2+deb12u2
  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

Remediation

There is no fixed version for Debian:12 sqlite3.

References

low severity

CVE-2025-7709

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.40.1-2+deb12u2 and sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

Detailed paths

  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-0@3.40.1-2+deb12u2
  • Introduced through: buildpack-deps@bookworm sqlite3/libsqlite3-dev@3.40.1-2+deb12u2

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html  extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.

Remediation

There is no fixed version for Debian:12 sqlite3.

References

low severity
new

CVE-2026-36849

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.5.0-6+deb12u4, tiff/libtiff6@4.5.0-6+deb12u4 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm tiff/libtiff-dev@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiff6@4.5.0-6+deb12u4
  • Introduced through: buildpack-deps@bookworm tiff/libtiffxx6@4.5.0-6+deb12u4

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 tiff.

References

low severity
new

CVE-2026-53613

  • Vulnerable module: util-linux
  • Introduced through: util-linux@2.38.1-5+deb12u3, util-linux/bsdutils@1:2.38.1-5+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm util-linux@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/bsdutils@1:2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libsmartcols1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libuuid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/mount@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/util-linux-extra@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/uuid-dev@2.38.1-5+deb12u3

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 util-linux.

References

low severity
new

CVE-2026-53615

  • Vulnerable module: util-linux
  • Introduced through: util-linux@2.38.1-5+deb12u3, util-linux/bsdutils@1:2.38.1-5+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm util-linux@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/bsdutils@1:2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libsmartcols1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libuuid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/mount@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/util-linux-extra@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/uuid-dev@2.38.1-5+deb12u3

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

There is no fixed version for Debian:12 util-linux.

References

low severity

Time-of-check Time-of-use (TOCTOU)

  • Vulnerable module: util-linux
  • Introduced through: util-linux@2.38.1-5+deb12u3, util-linux/bsdutils@1:2.38.1-5+deb12u3 and others

Detailed paths

  • Introduced through: buildpack-deps@bookworm util-linux@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/bsdutils@1:2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libblkid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount-dev@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libmount1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libsmartcols1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/libuuid1@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/mount@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/util-linux-extra@2.38.1-5+deb12u3
  • Introduced through: buildpack-deps@bookworm util-linux/uuid-dev@2.38.1-5+deb12u3

NVD Description

Note: Versions mentioned in the description apply only to the upstream util-linux package and not the util-linux package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.

Remediation

There is no fixed version for Debian:12 util-linux.

References

low severity

Server-Side Request Forgery (SSRF)

  • Vulnerable module: wget
  • Introduced through: wget@1.21.3-1+deb12u1

Detailed paths

  • Introduced through: buildpack-deps@bookworm wget@1.21.3-1+deb12u1

NVD Description

Note: Versions mentioned in the description apply only to the upstream wget package and not the wget package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.

Remediation

There is no fixed version for Debian:12 wget.

References