CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-5914 – Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
https://notcve.org/view.php?id=CVE-2025-5914
09 Jun 2025 — A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. Se ha identificado una vulnerabilidad en la librería libarchive, específicamente en la función archive_read_format_rar_seek_data... • https://access.redhat.com/security/cve/CVE-2025-5914 • CWE-415: Double Free •
CVSS: 7.0EPSS: 0%CPEs: 25EXPL: 1CVE-2025-5222 – Icu: stack buffer overflow in the srbroot::addtag function
https://notcve.org/view.php?id=CVE-2025-5222
27 May 2025 — A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution. A buffer overflow was discovered in the International Components for Unicode (ICU) library. For the stable distribution (bookworm), this problem has been fixed in version 72.1-3+deb12u1. • https://github.com/berkley4/icu-74-debian • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.3EPSS: 0%CPEs: 24EXPL: 0CVE-2025-48798 – Gimp: multiple use after free in xcf parser
https://notcve.org/view.php?id=CVE-2025-48798
27 May 2025 — A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues. Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XCF, TGA, DDS, FLI or ICO files are opened. For the stable ... • https://access.redhat.com/security/cve/CVE-2025-48798 • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 24EXPL: 0CVE-2025-48797 – Gimp: multiple heap buffer overflows in tga parser
https://notcve.org/view.php?id=CVE-2025-48797
27 May 2025 — A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow. Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XCF, TGA, DDS, FLI or ICO files are opened. For th... • https://access.redhat.com/security/cve/CVE-2025-48797 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2025-5269 – firefox: thunderbird: Memory safety bug
https://notcve.org/view.php?id=CVE-2025-5269
27 May 2025 — Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11. Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1924108 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2025-5268 – firefox: thunderbird: Memory safety bugs
https://notcve.org/view.php?id=CVE-2025-5268
27 May 2025 — Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139 and Firefox ESR < 128.11. Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that wit... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1950136%2C1958121%2C1960499%2C1962634 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 25EXPL: 0CVE-2025-5263 – firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content
https://notcve.org/view.php?id=CVE-2025-5263
27 May 2025 — Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, and Firefox ESR < 128.11. Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. A flaw was found in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1960745 • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2025-5024 – Gnome-remote-desktop: uncontrolled resource consumption due to malformed rdp pdus
https://notcve.org/view.php?id=CVE-2025-5024
22 May 2025 — A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd. An update for gnome-remote-desktop is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8... • https://access.redhat.com/security/cve/CVE-2025-5024 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2025-4948 – Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup
https://notcve.org/view.php?id=CVE-2025-4948
19 May 2025 — A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpected... • https://access.redhat.com/security/cve/CVE-2025-4948 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 1CVE-2025-4919 – Mozilla Firefox SpiderMonkey Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-4919
17 May 2025 — An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox ESR < 115.23.1. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2. A flaw was found in Firefox and Thunderbird. • https://github.com/HExploited/CVE-2025-4919-Exploit • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •