Doc updates

[thalassemia]

• Added guidance for diagnosing Jenkins test failures
• Listed all the known ways in which vEcoli diverges from wcEcoli

[github-actions]

🔍 Vulnerabilities of vecoli:latest

📦 Image Reference vecoli:latest

digest	sha256:f819ff1c956967f6d68aa8a981901a242453c36c39921e26803dfd65cf058f7a
vulnerabilities
platform	linux/amd64
size	782 MB
packages	417

📦 Base Image oisupport/staging-amd64:12-slim

also known as	12.11-slim b4697ad8e75338499fc9a37305cbe60bd76873caa23ab99f3e329370faf7b4e0 bookworm-slim
digest	sha256:364d3f277f79b11fafee2f44e8198054486583d3392e2472eb656d5c780156f5
vulnerabilities

expat 2.5.0-1+deb12u1 (deb) pkg:deb/debian/[email protected]%2Bdeb12u1?os_distro=bookworm&os_name=debian&os_version=12 Affected range <2.5.0-1+deb12u2 Fixed version 2.5.0-1+deb12u2 EPSS Score 1.247% EPSS Percentile 79th percentile Description A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. expat 2.7.0-1 [bookworm] - expat 2.5.0-1+deb12u2 [bullseye] - expat (Minor issue and too intrusive to backport) libxmltok [bookworm] - libxmltok (Minor issue, no runtime dependencies left) https://blog.hartwork.org/posts/expat-2-7-0-released/ [CVE-2024-8176] Long linear chains of enties crash Expat with stack overflow due to use of unlimited recursion libexpat/libexpat#893 [CVE-2024-8176] Resolve the recursion during entity processing to prevent stack overflow (fixes #893) libexpat/libexpat#973 CentOS stream backport for 2.5.0: https://gitlab.com/redhat/centos-stream/rpms/expat/-/blob/c9s/expat-2.5.0-CVE-2024-8176.patch https://www.openwall.com/lists/oss-security/2025/09/24/11 Follow-up: Fix detection of asynchronous tags in entities libexpat/libexpat#1059 (R_2_7_3) Affected range <2.5.0-1+deb12u2 Fixed version 2.5.0-1+deb12u2 EPSS Score 1.160% EPSS Percentile 78th percentile Description libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. expat 2.6.0-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063238) [bookworm] - expat 2.5.0-1+deb12u2 libxmltok [bookworm] - libxmltok (Minor issue, no runtime dependencies left) [CVE-2023-52425] Speed up parsing of big tokens libexpat/libexpat#789 Merge commit: libexpat/libexpat@34b598c Affected range <2.5.0-1+deb12u2 Fixed version 2.5.0-1+deb12u2 EPSS Score 0.109% EPSS Percentile 30th percentile Description An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. expat 2.6.3-2 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086134) [bookworm] - expat 2.5.0-1+deb12u2 libxmltok [bookworm] - libxmltok (Minor issue, no runtime dependencies left) [CVE-2024-50602] Stop XML_ResumeParser from crashing libexpat/libexpat#915 libexpat/libexpat@51c7019 (R_2_6_4) libexpat/libexpat@5fb89e7 (R_2_6_4) libexpat/libexpat@b3836ff (R_2_6_4)

glibc 2.36-9+deb12u10 (deb) pkg:deb/debian/[email protected]%2Bdeb12u10?os_distro=bookworm&os_name=debian&os_version=12 Affected range <2.36-9+deb12u11 Fixed version 2.36-9+deb12u11 EPSS Score 0.010% EPSS Percentile 1st percentile Description Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). glibc 2.39-4 [bookworm] - glibc 2.36-9+deb12u11 Introduced with: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10e93d968716ab82931d593bada121c17c0a4b93 (glibc-2.27) Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5451fa962cd0a90a0e2ec1d8910a559ace02bba0 (glibc-2.39) https://sourceware.org/bugzilla/show_bug.cgi?id=32976 https://www.openwall.com/lists/oss-security/2025/05/17/2 Affected range <2.36-9+deb12u13 Fixed version 2.36-9+deb12u13 EPSS Score 0.031% EPSS Percentile 8th percentile Description The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library. glibc 2.41-11 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803) [bookworm] - glibc 2.36-9+deb12u13 [bullseye] - glibc (Minor issue) https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2025-0005 Inroduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=963d8d782fc98fb6dc3a66f0068795f9920c269d Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7ea06e994093fa0bcca0d0ee2c1db271d8d7885d

perl 5.36.0-7+deb12u2 (deb) pkg:deb/debian/[email protected]%2Bdeb12u2?os_distro=bookworm&os_name=debian&os_version=12 Affected range <5.36.0-7+deb12u3 Fixed version 5.36.0-7+deb12u3 EPSS Score 1.116% EPSS Percentile 78th percentile Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. [experimental] - perl 5.38.0~rc2-1 perl 5.38.2-2 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109) [bookworm] - perl 5.36.0-7+deb12u3 [buster] - perl (Minor issue) Add verify_SSL=>1 to HTTP::Tiny in CPAN::HTTP::Client to verify https server identity andk/cpanpm#175 andk/cpanpm@9c98370 (2.35-TRIAL) Affected range <5.36.0-7+deb12u3 Fixed version 5.36.0-7+deb12u3 EPSS Score 0.009% EPSS Percentile 1st percentile Description Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6 [experimental] - perl 5.40.1-4 perl 5.40.1-5 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226) [bookworm] - perl 5.36.0-7+deb12u3 [bullseye] - perl (Minor issue, revisit when fixed upstream) Thread creation while a directory handle is open does a fchdir, affecting other threads (race condition) Perl/perl5#23010 Fixed by: Perl/perl5@fc8063a (v5.41.13) Fixed by: Perl/perl5@a1327b5 (v5.41.13) Fixed by: Perl/perl5@1f9097b (v5.41.13) Fixed by: Perl/perl5@5c2e757 (v5.41.13) Squashed version of fix (to help backports): Perl/perl5@918bfff https://lists.security.metacpan.org/cve-announce/msg/30017499/

tiff 4.5.0-6+deb12u2 (deb) pkg:deb/debian/[email protected]%2Bdeb12u2?os_distro=bookworm&os_name=debian&os_version=12 Affected range <4.5.0-6+deb12u3 Fixed version 4.5.0-6+deb12u3 EPSS Score 0.034% EPSS Percentile 9th percentile Description A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. tiff 4.7.1-1 https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://gitlab.com/libtiff/libtiff/-/commit/3e0dcf0ec651638b2bd849b2e6f3124b36890d99 (v4.7.1rc1) Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 0.028% EPSS Percentile 7th percentile Description A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue. A researcher disputes the security impact of this issue, because "this is a memory leak on a command line tool that is about to exit anyway". In the reply the project maintainer declares this issue as "a simple 'bug' when leaving the command line tool and (...) not a security issue at all". tiff 4.7.0-4 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111878; unimportant) [trixie] - tiff 4.7.0-3+deb13u1 https://gitlab.com/libtiff/libtiff/-/issues/728 https://gitlab.com/libtiff/libtiff/-/merge_requests/747 https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0 Memory leak in CLI tool, no security impact Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 0.034% EPSS Percentile 9th percentile Description A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. tiff 4.7.0-5 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111317; unimportant) [trixie] - tiff 4.7.0-3+deb13u1 https://gitlab.com/libtiff/libtiff/-/issues/721 https://gitlab.com/libtiff/libtiff/-/commit/0ac97aa7a5bffddd88f7cdbe517264e9db3f5bd5 Crash in CLI tool, no security impact Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 0.021% EPSS Percentile 5th percentile Description A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue. tiff 4.7.0-1 (unimportant) https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3 (v4.7.0rc1) Crash in CLI tool, no security impact Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 0.030% EPSS Percentile 8th percentile Description A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used." tiff 4.7.1-1 (unimportant) https://gitlab.com/libtiff/libtiff/-/issues/718 https://gitlab.com/libtiff/libtiff/-/merge_requests/746 https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b (v4.7.1rc1) Crash in CLI tool, no security impact Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 0.017% EPSS Percentile 3rd percentile Description A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer. tiff 4.7.1-1 (unimportant) https://gitlab.com/libtiff/libtiff/-/issues/715 https://gitlab.com/libtiff/libtiff/-/merge_requests/737 Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/e8de4dc1f923576dce9d625caeebd93f9db697e1 (v4.7.1rc1) Crash in CLI tool, no security impact Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 0.017% EPSS Percentile 3rd percentile Description A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue. tiff 4.7.1-1 (unimportant) https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/ce46f002eca4148497363f80fab33f9396bcbeda (v4.7.1rc1) Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/ecc4ddbf1f0fed7957d1e20361e37f01907898e0 (v4.7.1rc1) Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/78397815cdf7e9ad79943e00c3f06a6df9bf45c5 (v4.7.1rc1) Crash in CLI tool, no security impact Affected range >=4.5.0-6+deb12u1 Fixed version Not Fixed EPSS Score 0.043% EPSS Percentile 12th percentile Description REJECTED REJECTED Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 0.016% EPSS Percentile 3rd percentile Description An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. tiff 4.7.0-1 (unimportant) https://gitlab.com/libtiff/libtiff/-/issues/606 Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a (v4.7.0rc1) Crash in CLI tool, no security impact Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 0.010% EPSS Percentile 1st percentile Description A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. tiff 4.7.0-1 (unimportant) https://gitlab.com/libtiff/libtiff/-/issues/542 https://gitlab.com/libtiff/libtiff/-/merge_requests/595 Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/a20298c4785c369469510613dfbc5bf230164fed (v4.7.0rc1) Crash in CLI tool, no security impact Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 0.020% EPSS Percentile 4th percentile Description A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. tiff 4.7.0-1 (unimportant) https://gitlab.com/libtiff/libtiff/-/issues/536 https://gitlab.com/libtiff/libtiff/-/issues/537 https://gitlab.com/libtiff/libtiff/-/merge_requests/595 Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/a20298c4785c369469510613dfbc5bf230164fed (v4.7.0rc1) Crash in CLI tool, no security impact Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 0.050% EPSS Percentile 15th percentile Description A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. tiff (unimportant) [bullseye] - tiff (Minor issue) [buster] - tiff (Minor issue) https://gitlab.com/libtiff/libtiff/-/issues/402 Crash in CLI tool, no security impact Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 0.459% EPSS Percentile 63rd percentile Description ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c. tiff (unimportant) http://bugzilla.maptools.org/show_bug.cgi?id=2786 Crash in CLI tool, no security impact Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 0.486% EPSS Percentile 65th percentile Description In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue http://bugzilla.maptools.org/show_bug.cgi?id=2769 Details on the issue are not confirmed by the reporter after several attempts and this does like a non-issue. More reprodicibly reports are from SUSE in https://bugzilla.suse.com/show_bug.cgi?id=1074318#c5 claiming this might be a duplicate of CVE-2017-9935. Unless the reporter provides more details on upstream report go and consider this as non-issue. Affected range >=4.5.0-6+deb12u2 Fixed version Not Fixed EPSS Score 1.738% EPSS Percentile 82nd percentile Description LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue tiff (unimportant) http://seclists.org/oss-sec/2017/q4/168 Related commit: https://gitlab.com/libtiff/libtiff/commit/25f9ffa56548c1846c4a1f19308b7f561f7b1ab0 This is actually only a partial fix, but upstream will not fix it completely. The related commit is included in 4.0.9. The underlying memory-based DOS would still be present. Affected range >=4.5.0-6 Fixed version Not Fixed Description REJECTED REJECTED Affected range >=4.5.0-6 Fixed version Not Fixed Description REJECTED REJECTED

openssl 3.0.16-1~deb12u1 (deb) pkg:deb/debian/[email protected]~deb12u1?os_distro=bookworm&os_name=debian&os_version=12 Affected range <3.0.17-1~deb12u3 Fixed version 3.0.17-1~deb12u3 EPSS Score 0.025% EPSS Percentile 6th percentile Description Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. openssl 3.5.4-1 https://openssl-library.org/news/secadv/20250930.txt Fixed by: openssl/openssl@5965ea5 (openssl-3.3.5) Fixed by: openssl/openssl@9e91358 (openssl-3.4.3) Fixed by: openssl/openssl@b5282d6 (openssl-3.2.6) Fixed by: openssl/openssl@a79c4ce (openssl-3.0.18) Affected range <3.0.17-1~deb12u3 Fixed version 3.0.17-1~deb12u3 EPSS Score 0.025% EPSS Percentile 6th percentile Description Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary. openssl 3.5.4-1 [bullseye] - openssl (Vulnerable code not present) https://openssl-library.org/news/secadv/20250930.txt Affected range >=3.0.11-1~deb12u2 Fixed version Not Fixed EPSS Score 0.119% EPSS Percentile 32nd percentile Description OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack." http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf openssl/openssl#24540 Fault injection based attacks are not within OpenSSLs threat model according to the security policy: https://www.openssl.org/policies/general/security-policy.html

gnutls28 3.7.9-2+deb12u4 (deb) pkg:deb/debian/[email protected]%2Bdeb12u4?os_distro=bookworm&os_name=debian&os_version=12 Affected range <3.7.9-2+deb12u5 Fixed version 3.7.9-2+deb12u5 EPSS Score 0.134% EPSS Percentile 34th percentile Description A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). gnutls28 3.8.9-3 https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html https://gitlab.com/gnutls/gnutls/-/issues/1718 Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/23135619773e6ec087ff2abc65405bd4d5676bad (3.8.10) Affected range <3.7.9-2+deb12u5 Fixed version 3.7.9-2+deb12u5 EPSS Score 0.209% EPSS Percentile 43rd percentile Description A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. gnutls28 3.8.9-3 https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html https://gitlab.com/gnutls/gnutls/-/issues/1696 Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/408bed40c36a4cc98f0c94a818f682810f731f32 (3.8.10) Affected range <3.7.9-2+deb12u5 Fixed version 3.7.9-2+deb12u5 EPSS Score 0.210% EPSS Percentile 43rd percentile Description A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior. gnutls28 3.8.9-3 https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html https://gitlab.com/gnutls/gnutls/-/issues/1694 Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/608829769cbc247679ffe98841109fc73875e573 (3.8.10) Affected range <3.7.9-2+deb12u5 Fixed version 3.7.9-2+deb12u5 EPSS Score 0.084% EPSS Percentile 25th percentile Description A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly. gnutls28 3.8.9-3 [bullseye] - gnutls28 (Vulnerable code introduced later) https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html https://gitlab.com/gnutls/gnutls/-/issues/1695 Introduced by: https://gitlab.com/gnutls/gnutls/-/commit/242abb6945cbb56c4a41c393d0253ea5b9d3a36a (3.7.3) Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/8e5ca951257202089246fa37e93a99d210ee5ca2 (3.8.10)

tar 1.34+dfsg-1.2+deb12u1 (deb) pkg:deb/debian/[email protected]%2Bdfsg-1.2%2Bdeb12u1?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=1.34+dfsg-1.2+deb12u1 Fixed version Not Fixed EPSS Score 0.081% EPSS Percentile 24th percentile Description GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). Disputed tar issue, works as documented per upstream: https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md Affected range >=1.34+dfsg-1.2+deb12u1 Fixed version Not Fixed EPSS Score 1.530% EPSS Percentile 81st percentile Description Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. This is intended behaviour, after all tar is an archiving tool and you need to give -p as a command line flag tar (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328228; unimportant)

systemd 252.36-1~deb12u1 (deb) pkg:deb/debian/[email protected]~deb12u1?os_distro=bookworm&os_name=debian&os_version=12 Affected range <252.38-1~deb12u1 Fixed version 252.38-1~deb12u1 EPSS Score 0.043% EPSS Percentile 13th percentile Description A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality. systemd 257.6-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785) https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt For a comprehensive fix a kernel change is required (to hand a pidfd to the usermode coredump helper): https://git.kernel.org/linus/b5325b2a270fcaf7b2a9a0f23d422ca8a5a8bdea Backports (src:linux): https://lore.kernel.org/linux-fsdevel/CAMw=ZnT4KSk_+Z422mEZVzfAkTueKvzdw=r9ZB2JKg5-1t6BDw@mail.gmail.com/ Fixed by: systemd/systemd@49f1f2d (main) Fixed by: systemd/systemd@0c49e00 (main) Fixed by: systemd/systemd@8fc7b2a (main) Follow up (optional): systemd/systemd@13902e0 (main) Follow up (optional): systemd/systemd@868d955 (main) Follow up (optional): systemd/systemd@e6a8687 (main) Follow up (optional): systemd/systemd@76e0ab4 (main) Follow up (optional): systemd/systemd@9ce8e3e (main) Fixed by: systemd/systemd@0c49e00 (v258) Fixed by: systemd/systemd@868d955 (v258) Fixed by: systemd/systemd@c58a8a6 (v257.6) Fixed by: systemd/systemd@6155669 (v257.6) Fixed by: systemd/systemd@19d4391 (v256.16) Fixed by: systemd/systemd-stable@254ab8d (v255.21) Fixed by: systemd/systemd-stable@7fc7aa5 (v254.26) Fixed by: systemd/systemd-stable@19b2286 (v253.33) Fixed by: systemd/systemd-stable@2eb46dc (v252.38) Issue relates to race condition exploitable while checking if a user should be allowed to read a core file or not via the grant_user_access() function, which was introduced as part of the fix for CVE-2022-4415.

krb5 1.20.1-2+deb12u3 (deb) pkg:deb/debian/[email protected]%2Bdeb12u3?os_distro=bookworm&os_name=debian&os_version=12 Affected range <1.20.1-2+deb12u4 Fixed version 1.20.1-2+deb12u4 EPSS Score 0.050% EPSS Percentile 16th percentile Description A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. krb5 1.21.2-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103525) [bookworm] - krb5 1.20.1-2+deb12u4 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 CVE relates to issues covered in: https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Tervoort-Breaking-Kerberos-RC4-Cipher-and-Spoofing-Windows-PACs-wp.pdf Since upstream 1.21 (cf. https://web.mit.edu/kerberos/krb5-1.21/) the KDC will no longer issue tickets with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. krb5/krb5@1b57a4d krb5/krb5@2cbd847

pip 24.3.1 (pypi) pkg:pypi/[email protected] Improper Link Resolution Before File Access ('Link Following') Affected range <=25.2 Fixed version 25.3 CVSS Score 5.9 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N EPSS Score 0.020% EPSS Percentile 4th percentile Description Summary In the fallback extraction path for source distributions, pip used Python’s tarfile module without verifying that symbolic/hard link targets resolve inside the intended extraction directory. A malicious sdist can include links that escape the target directory and overwrite arbitrary files on the invoking host during pip install. Impact Successful exploitation enables arbitrary file overwrite outside the build/extraction directory on the machine running pip. This can be leveraged to tamper with configuration or startup files and may lead to further code execution depending on the environment, but the direct, guaranteed impact is integrity compromise on the vulnerable system. Conditions The issue is triggered when installing an attacker-controlled sdist (e.g., from an index or URL) and the fallback extraction code path is used. No special privileges are required beyond running pip install; active user action is necessary. Remediation The fix is available starting in pip 25.3. Using a Python interpreter that implements the safe-extraction behavior described by PEP 706 provides additional defense in depth for other tarfile issues but is not a substitute for upgrading pip for this specific flaw.

binutils 2.40-2 (deb) pkg:deb/debian/[email protected]?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.022% EPSS Percentile 5th percentile Description A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue. binutils 2.45-3 (unimportant) https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.027% EPSS Percentile 6th percentile Description A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue. binutils 2.43.1-4 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32109 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.023% EPSS Percentile 5th percentile Description A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue. binutils 2.45-3 (unimportant) https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b https://sourceware.org/bugzilla/show_bug.cgi?id=33050 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.021% EPSS Percentile 5th percentile Description A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue. binutils 2.45-3 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=33049 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.020% EPSS Percentile 4th percentile Description A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. binutils 2.45-3 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.020% EPSS Percentile 4th percentile Description A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component. binutils 2.45-3 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32858 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.018% EPSS Percentile 4th percentile Description A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue. binutils 2.45-3 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.023% EPSS Percentile 5th percentile Description A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue. binutils (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=33455 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.014% EPSS Percentile 2nd percentile Description A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. binutils (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=33448 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.241% EPSS Percentile 47th percentile Description A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue. binutils 2.45-3 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108986) https://sourceware.org/bugzilla/show_bug.cgi?id=32644 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b425859021d17adf62f06fb904797cf8642986ad binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.321% EPSS Percentile 55th percentile Description A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue. binutils 2.45-3 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108986) https://sourceware.org/bugzilla/show_bug.cgi?id=32643 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.219% EPSS Percentile 44th percentile Description A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. binutils 2.45-3 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108986) https://sourceware.org/bugzilla/show_bug.cgi?id=32642 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.265% EPSS Percentile 50th percentile Description A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases". binutils 2.44-1 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32640 binutils not covered by security support No exact commits pinpointed, but upstream confirms this fixed in 2.44 Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.281% EPSS Percentile 51st percentile Description A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue. binutils 2.45-3 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108986) https://sourceware.org/bugzilla/show_bug.cgi?id=32638 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.273% EPSS Percentile 50th percentile Description A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue. binutils 2.45-3 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108986) https://sourceware.org/bugzilla/show_bug.cgi?id=32636 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.471% EPSS Percentile 64th percentile Description A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component. binutils 2.45-3 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.142% EPSS Percentile 35th percentile Description A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." binutils 2.45-3 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32576 binutils not covered by security support These were fixed in master, so 2.45 at the time Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.131% EPSS Percentile 33rd percentile Description A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." binutils 2.45-3 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32576 binutils not covered by security support These were fixed in master, so 2.45 at the time Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.142% EPSS Percentile 35th percentile Description A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." binutils 2.45-3 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32576 binutils not covered by security support These were fixed in master, so 2.45 at the time Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.023% EPSS Percentile 5th percentile Description A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch. binutils (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=33502 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.023% EPSS Percentile 5th percentile Description A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue. binutils (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.142% EPSS Percentile 35th percentile Description A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." binutils 2.45-3 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32576 binutils not covered by security support These were fixed in master, so 2.45 at the time Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.318% EPSS Percentile 54th percentile Description A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." binutils 2.45-3 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32576 binutils not covered by security support These were fixed in master, so 2.45 at the time Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.306% EPSS Percentile 53rd percentile Description A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. binutils 2.45-3 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32556 binutils not covered by security support These were fixed in master, so 2.45 at the time Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.023% EPSS Percentile 5th percentile Description A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component. binutils (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.023% EPSS Percentile 5th percentile Description A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised. binutils (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.023% EPSS Percentile 5th percentile Description A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch. binutils (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.023% EPSS Percentile 5th percentile Description A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46". binutils (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.020% EPSS Percentile 4th percentile Description A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46". binutils (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=33464 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.023% EPSS Percentile 5th percentile Description A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue. binutils (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=33406 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.377% EPSS Percentile 59th percentile Description A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component. binutils 2.43.90.20250122-1 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32560 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.028% EPSS Percentile 7th percentile Description https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: nm --without-symbol-version function. binutils 2.43.50.20241221-1 (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=32467 Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f8987d3999edb26e757115fe87be55787d510b9 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.046% EPSS Percentile 14th percentile Description GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files. binutils 2.44-1 (unimportant) https://bushido-sec.com/index.php/2024/12/05/binutils-objdump-tekhex-buffer-overflow/ https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e0323071916878e0634a6e24d8250e4faff67e88 (binutils-2_44) binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.045% EPSS Percentile 14th percentile Description A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. binutils 2.41-1 (unimportant) https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.115% EPSS Percentile 31st percentile Description An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. binutils (unimportant) https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.385% EPSS Percentile 59th percentile Description An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. binutils (unimportant) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 1.050% EPSS Percentile 77th percentile Description A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. binutils (unimportant) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629 https://sourceware.org/bugzilla/show_bug.cgi?id=24043 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.119% EPSS Percentile 32nd percentile Description The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. binutils (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=24039 binutils not covered by security support Affected range >=2.40-2 Fixed version Not Fixed EPSS Score 0.237% EPSS Percentile 47th percentile Description The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). binutils (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=22009 Underlying bug is though in the C++ demangler part of libiberty, but MITRE has assigned it specifically to the issue as raised within binutils. binutils not covered by security support

openldap 2.5.13+dfsg-5 (deb) pkg:deb/debian/[email protected]%2Bdfsg-5?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=2.5.13+dfsg-5 Fixed version Not Fixed EPSS Score 0.216% EPSS Percentile 44th percentile Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux. openldap (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965184) https://bugs.openldap.org/show_bug.cgi?id=9266 https://bugzilla.redhat.com/show_bug.cgi?id=1740070 RedHat/CentOS applied patch: https://git.centos.org/rpms/openldap/raw/67459960064be9d226d57c5f82aaba0929876813/f/SOURCES/openldap-tlso-dont-check-cn-when-bad-san.patch OpenLDAP upstream did dispute the issue as beeing valid, as the current libldap behaviour does conform with RFC4513. RFC6125 does not superseed the rules for verifying service identity provided in specifications for existing application protocols published prior to RFC6125, like RFC4513 for LDAP. Affected range >=2.5.13+dfsg-5 Fixed version Not Fixed EPSS Score 1.643% EPSS Percentile 81st percentile Description contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. openldap (unimportant) http://www.openldap.org/its/index.cgi/Incoming?id=8759 nops slapd-module not built Affected range >=2.5.13+dfsg-5 Fixed version Not Fixed EPSS Score 0.123% EPSS Percentile 32nd percentile Description slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as demonstrated by openldap-initscript. openldap (unimportant) http://www.openldap.org/its/index.cgi?findid=8703 Negligible security impact, but filed #877512 Affected range >=2.5.13+dfsg-5 Fixed version Not Fixed EPSS Score 2.852% EPSS Percentile 86th percentile Description The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. openldap (unimportant) Debian builds with GNUTLS, not NSS

libheif 1.15.1-1+deb12u1 (deb) pkg:deb/debian/[email protected]%2Bdeb12u1?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=1.15.1-1+deb12u1 Fixed version Not Fixed EPSS Score 0.059% EPSS Percentile 18th percentile Description libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack. libheif 1.17.6-2 (unimportant) Memory leaks in function JpegEncoder::Encode strukturag/libheif#1073 fix memory leaks in function JpegEncoder::Encode strukturag/libheif#1074 strukturag/libheif@877de6b Memory leak in example code Affected range >=1.15.1-1+deb12u1 Fixed version Not Fixed EPSS Score 0.146% EPSS Percentile 36th percentile Description libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. libheif 1.17.6-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059151; unimportant) [buster] - libheif (Vulnerable code not present) SEGV libheif/libheif/exif.cc:88 in find_exif_tag strukturag/libheif#1042 strukturag/libheif@26ec395 (v1.17.6) Crash in CLI tool, no security impact (only affects example tool shipped in libheif-examples)

libgcrypt20 1.10.1-3 (deb) pkg:deb/debian/[email protected]?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=1.10.1-3 Fixed version Not Fixed EPSS Score 0.228% EPSS Percentile 45th percentile Description A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts. libgcrypt20 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683) https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt https://people.redhat.com/~hkario/marvin/ https://dev.gnupg.org/T7136 https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/17 Not in scope for libgcrypt security policy, work ongoing to add support in the protocol layer Affected range >=1.10.1-3 Fixed version Not Fixed EPSS Score 0.534% EPSS Percentile 67th percentile Description cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. libgcrypt20 (unimportant) libgcrypt11 (unimportant) gnupg1 (unimportant) gnupg (unimportant) https://github.com/weikengchen/attack-on-libgcrypt-elgamal https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html GnuPG uses ElGamal in hybrid mode only. This is not a vulnerability in libgcrypt, but in an application using it in an insecure manner, see also https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html

coreutils 9.1-1 (deb) pkg:deb/debian/[email protected]?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=9.1-1 Fixed version Not Fixed EPSS Score 0.016% EPSS Percentile 3rd percentile Description A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data. coreutils (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733; unimportant) https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://lists.gnu.org/archive/html/bug-coreutils/2025-05/msg00036.html https://lists.gnu.org/archive/html/bug-coreutils/2025-05/msg00040.html https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://www.openwall.com/lists/oss-security/2025/05/27/2 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 Crash in CLI tool, no security impact Affected range >=9.1-1 Fixed version Not Fixed EPSS Score 0.056% EPSS Percentile 17th percentile Description In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. coreutils (unimportant) http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html https://www.openwall.com/lists/oss-security/2018/01/04/3 Documentation patches proposed: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html https://lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html Neutralised by kernel hardening

libpng1.6 1.6.39-2 (deb) pkg:deb/debian/[email protected]?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=1.6.39-2 Fixed version Not Fixed EPSS Score 0.233% EPSS Percentile 46th percentile Description A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. libpng1.6 (unimportant) A potential heap overflow issue pnggroup/libpng#302 Crash in CLI package, not shipped in binary packages Affected range >=1.6.39-2 Fixed version Not Fixed Description libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216) GHSA-7wv6-48j4-hj3g Vulnerability Report: Heap Buffer Overflow in png_combine_row (libpng16, triggered via png_image_finish_read) pnggroup/libpng#755 pnggroup/libpng@16b5e38 (v1.6.51) pnggroup/libpng@218612d (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range >=1.6.39-2 Fixed version Not Fixed Description libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217) GHSA-hfc7-ph9c-wcww Index out of bounds in libpng-1.6.37/pngread.c -> png_image_read_composite() pnggroup/libpng#686 pnggroup/libpng@08da33b (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range >=1.6.39-2 Fixed version Not Fixed Description libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218) GHSA-qpr4-xm66-hww6 Fix heap buffer overflow in png_write_image_8bit pnggroup/libpng#749 pnggroup/libpng@2bd84c0 (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range >=1.6.39-2 Fixed version Not Fixed Description libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219) GHSA-4952-h5wq-4m42 Fix memory leaks and buffer overflows in pngrtran.c pnggroup/libpng#748 pnggroup/libpng@6a528eb (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1

jansson 2.14-2 (deb) pkg:deb/debian/[email protected]?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=2.14-2 Fixed version Not Fixed EPSS Score 0.323% EPSS Percentile 55th percentile Description An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification jansson (unimportant) OOB Read memory corruption bug akheron/jansson#548 Disputed security impact (only if programmer fails to follow API specifications)

apt 2.6.1 (deb) pkg:deb/debian/[email protected]?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=2.6.1 Fixed version Not Fixed EPSS Score 1.509% EPSS Percentile 81st percentile Description It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. apt (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480) Not exploitable in Debian, since no keyring URI is defined

shadow 1:4.13+dfsg1-1+deb12u1 (deb) pkg:deb/debian/shadow@1%3A4.13%2Bdfsg1-1%2Bdeb12u1?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=1:4.13+dfsg1-1+deb12u1 Fixed version Not Fixed EPSS Score 0.206% EPSS Percentile 43rd percentile Description initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. shadow (unimportant) See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so unknown usernames are not recorded on login failures

jbigkit 2.1-6.1 (deb) pkg:deb/debian/[email protected]?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=2.1-6.1 Fixed version Not Fixed EPSS Score 0.354% EPSS Percentile 57th percentile Description In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. jbigkit (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869708) http://bugzilla.maptools.org/show_bug.cgi?id=2707 The CVE was assigned for src:tiff by MITRE, but the issue actually lies in jbigkit itself.

util-linux 2.38.1-5+deb12u3 (deb) pkg:deb/debian/[email protected]%2Bdeb12u3?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=2.38.1-5+deb12u3 Fixed version Not Fixed EPSS Score 0.020% EPSS Percentile 4th percentile Description A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. util-linux (unimportant) https://bugzilla.redhat.com/show_bug.cgi?id=2053151 https://lore.kernel.org/util-linux/[email protected]/T/#u util-linux/util-linux@faa5a3a util-linux in Debian does build with readline support but chfn and chsh are provided by src:shadow and util-linux is configured with --disable-chfn-chsh

gcc-12 12.2.0-14+deb12u1 (deb) pkg:deb/debian/[email protected]%2Bdeb12u1?os_distro=bookworm&os_name=debian&os_version=12 Affected range >=12.2.0-14+deb12u1 Fixed version Not Fixed EPSS Score 0.051% EPSS Percentile 16th percentile Description libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. gcc-12 (unimportant) Negligible security impact https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039

[github-actions]

Recommended fixes for image vecoli:latest

Base image is :12-slim

Digest
Vulnerabilities
Size	0 B
Packages	0

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.