Vulnerability-Lookup

RHSA-2026:4128

Vulnerability from csaf_redhat - Published: 2026-03-09 18:59 - Updated: 2026-03-09 19:02

Summary

Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA)

Notes

Topic

Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA) is now available.

Details

Red Hat® AI Inference Server Model Optimization Tools

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA) is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat\u00ae AI Inference Server Model Optimization Tools",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:4128",
        "url": "https://access.redhat.com/errata/RHSA-2026:4128"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2020-23922",
        "url": "https://access.redhat.com/security/cve/CVE-2020-23922"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2022-32189",
        "url": "https://access.redhat.com/security/cve/CVE-2022-32189"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2022-32296",
        "url": "https://access.redhat.com/security/cve/CVE-2022-32296"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2023-39327",
        "url": "https://access.redhat.com/security/cve/CVE-2023-39327"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2023-39329",
        "url": "https://access.redhat.com/security/cve/CVE-2023-39329"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2023-6349",
        "url": "https://access.redhat.com/security/cve/CVE-2023-6349"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2024-45341",
        "url": "https://access.redhat.com/security/cve/CVE-2024-45341"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2024-50613",
        "url": "https://access.redhat.com/security/cve/CVE-2024-50613"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
        "url": "https://access.redhat.com/security/cve/CVE-2026-25990"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://www.redhat.com/en/products/ai/inference-server",
        "url": "https://www.redhat.com/en/products/ai/inference-server"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4128.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA)",
    "tracking": {
      "current_release_date": "2026-03-09T19:02:08+00:00",
      "generator": {
        "date": "2026-03-09T19:02:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.2"
        }
      },
      "id": "RHSA-2026:4128",
      "initial_release_date": "2026-03-09T18:59:37+00:00",
      "revision_history": [
        {
          "date": "2026-03-09T18:59:37+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-03-09T18:59:48+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-09T19:02:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AI Inference Server 3.2",
                "product": {
                  "name": "Red Hat AI Inference Server 3.2",
                  "product_id": "Red Hat AI Inference Server 3.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat AI Inference Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
                "product": {
                  "name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
                  "product_id": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/model-opt-cuda-rhel9@sha256%3A2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=1772713830"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64",
                "product": {
                  "name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64",
                  "product_id": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/model-opt-cuda-rhel9@sha256%3A9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac?arch=arm64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=1772713830"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64 as a component of Red Hat AI Inference Server 3.2",
          "product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64"
        },
        "product_reference": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
        "relates_to_product_reference": "Red Hat AI Inference Server 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64 as a component of Red Hat AI Inference Server 3.2",
          "product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
        },
        "product_reference": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64",
        "relates_to_product_reference": "Red Hat AI Inference Server 3.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-23922",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-08-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1953004"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in giflib. A missing check in function DumpScreen2RGB in gif2rgb.c leads to an out-of-bounds read, allowing an attacker to crash the gif2rgb tool. The issue is not in the giflib library, but in the gif2rgb utility program.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "giflib: out-of-bounds read in DumpScreen2RGB() in gif2rgb.c in gif2rgb tool",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of giflib as shipped with Red Hat Enterprise Linux 8 as they did not include the gif2rgb tool.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-23922"
        },
        {
          "category": "external",
          "summary": "RHBZ#1953004",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953004"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-23922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-23922"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-23922",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23922"
        }
      ],
      "release_date": "2021-04-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-09T18:59:37+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4128"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "giflib: out-of-bounds read in DumpScreen2RGB() in gif2rgb.c in gif2rgb tool"
    },
    {
      "cve": "CVE-2022-32189",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-08-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2113814"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32189"
        },
        {
          "category": "external",
          "summary": "RHBZ#2113814",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53871",
          "url": "https://go.dev/issue/53871"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
          "url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
        }
      ],
      "release_date": "2022-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-09T18:59:37+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4128"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
    },
    {
      "cve": "CVE-2022-32296",
      "cwe": {
        "id": "CWE-341",
        "name": "Predictable from Observable State"
      },
      "discovery_date": "2022-06-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2096901"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (\"Double-Hash Port Selection Algorithm\") of RFC 6056.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: insufficient TCP source port randomness leads to client identification",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw was found to be a duplicate of CVE-2022-1012. Please see https://access.redhat.com/security/cve/CVE-2022-1012 for information about affected products and security errata.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32296"
        },
        {
          "category": "external",
          "summary": "RHBZ#2096901",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096901"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32296",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32296"
        }
      ],
      "release_date": "2022-05-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-09T18:59:37+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4128"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ]
        }
      ],
      "title": "kernel: insufficient TCP source port randomness leads to client identification"
    },
    {
      "cve": "CVE-2023-6349",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2024-05-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2283553"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libvpx. Encoding a frame with larger dimensions than the original configured size with VP9 may result in a heap overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libvpx: Heap buffer overflow related to VP9 encoding",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability does not affect any versions of Red Hat Enterprise Linux.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6349"
        },
        {
          "category": "external",
          "summary": "RHBZ#2283553",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283553"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6349"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6349",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6349"
        }
      ],
      "release_date": "2024-05-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-09T18:59:37+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4128"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libvpx: Heap buffer overflow related to VP9 encoding"
    },
    {
      "cve": "CVE-2023-39327",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-07-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2295812"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: Malicious files can cause the program to enter a large loop",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39327"
        },
        {
          "category": "external",
          "summary": "RHBZ#2295812",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295812"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39327"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39327",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39327"
        }
      ],
      "release_date": "2024-07-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-09T18:59:37+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4128"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openjpeg: Malicious files can cause the program to enter a large loop"
    },
    {
      "cve": "CVE-2023-39329",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-07-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2295816"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openjpeg: Resource exhaustion will occur in the opj_t1_decode_cblks function in the tcd.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39329"
        },
        {
          "category": "external",
          "summary": "RHBZ#2295816",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295816"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39329",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39329"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39329",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39329"
        }
      ],
      "release_date": "2024-07-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-09T18:59:37+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4128"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openjpeg: Resource exhaustion will occur in the opj_t1_decode_cblks function in the tcd.c"
    },
    {
      "cve": "CVE-2024-45341",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2025-01-23T12:26:31.454000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2341750"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-45341"
        },
        {
          "category": "external",
          "summary": "RHBZ#2341750",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341750"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45341",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45341",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45341"
        }
      ],
      "release_date": "2025-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-09T18:59:37+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4128"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints"
    },
    {
      "cve": "CVE-2024-50613",
      "cwe": {
        "id": "CWE-617",
        "name": "Reachable Assertion"
      },
      "discovery_date": "2024-10-27T23:00:45.399703+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2322056"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the libsndfile package. A specially-crafted input file may trigger a reachable assertion error, which can cause an application crash leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libsndfile: Reachable assertion in mpeg_l3_encoder_close",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-50613"
        },
        {
          "category": "external",
          "summary": "RHBZ#2322056",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322056"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-50613",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50613"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-50613",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50613"
        },
        {
          "category": "external",
          "summary": "https://github.com/libsndfile/libsndfile/issues/1034",
          "url": "https://github.com/libsndfile/libsndfile/issues/1034"
        }
      ],
      "release_date": "2024-10-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-09T18:59:37+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4128"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libsndfile: Reachable assertion in mpeg_l3_encoder_close"
    },
    {
      "cve": "CVE-2026-25990",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2026-02-11T21:05:39.535631+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2439170"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
          "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-25990"
        },
        {
          "category": "external",
          "summary": "RHBZ#2439170",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
        },
        {
          "category": "external",
          "summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
          "url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
        },
        {
          "category": "external",
          "summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
          "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
        }
      ],
      "release_date": "2026-02-11T20:53:52.524000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-09T18:59:37+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4128"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
            "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
    }
  ]
}

CVE-2024-50613 (GCVE-0-2024-50613)

Vulnerability from cvelistv5 – Published: 2024-10-27 00:00 – Updated: 2024-10-30 19:13

Summary

libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

URL

Tags

https://github.com/libsndfile/libsndfile/issues/1034

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:libsndfile_project:libsndfile:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "libsndfile",
            "vendor": "libsndfile_project",
            "versions": [
              {
                "lessThanOrEqual": "1.2.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50613",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T19:10:56.308222Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-617",
                "description": "CWE-617 Reachable Assertion",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T19:13:18.634Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-27T22:01:00.425Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/libsndfile/libsndfile/issues/1034"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-50613",
    "datePublished": "2024-10-27T00:00:00.000Z",
    "dateReserved": "2024-10-27T00:00:00.000Z",
    "dateUpdated": "2024-10-30T19:13:18.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32189 (GCVE-0-2022-32189)

Vulnerability from cvelistv5 – Published: 2022-08-09 20:17 – Updated: 2024-08-03 07:32

Title

Panic when decoding Float and Rat types in math/big

Summary

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

Severity ?

No CVSS data available.

CWE

CWE 400: Uncontrolled Resource Consumption

Assigner

References

URL

Tags

	https://go.dev/cl/417774
	https://go.googlesource.com/go/+/055113ef36433760…
	https://go.dev/issue/53871
	https://groups.google.com/g/golang-announce/c/YqY…
	https://pkg.go.dev/vuln/GO-2022-0537

Impacted products

	Vendor	Product	Version
	Go standard library	math/big	Affected: 0 , < 1.17.13 (semver) Affected: 1.18.0-0 , < 1.18.5 (semver)

Credits

@catenacyber

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:56.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417774"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53871"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/YqYYG87xB10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0537"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "math/big",
          "product": "math/big",
          "programRoutines": [
            {
              "name": "Float.GobDecode"
            },
            {
              "name": "Rat.GobDecode"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.5",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "@catenacyber"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE 400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:05:15.506Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417774"
        },
        {
          "url": "https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66"
        },
        {
          "url": "https://go.dev/issue/53871"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/YqYYG87xB10"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0537"
        }
      ],
      "title": "Panic when decoding Float and Rat types in math/big"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-32189",
    "datePublished": "2022-08-09T20:17:59.000Z",
    "dateReserved": "2022-05-31T00:00:00.000Z",
    "dateUpdated": "2024-08-03T07:32:56.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6349 (GCVE-0-2023-6349)

Vulnerability from cvelistv5 – Published: 2024-05-27 11:26 – Updated: 2024-08-02 08:28

Title

Heap overflow in libvpx

Summary

A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above

Severity ?

5.7 (Medium)


                        
                          CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/S:N/AU:N/R:A/V:D

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

Google

References

URL

Tags

https://crbug.com/webm/1642

Impacted products

	Vendor	Product	Version
	Chromium	libvpx	Affected: 1.5.0 , < 1.13.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6349",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T15:01:21.802594Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:18.552Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:28:21.518Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://crbug.com/webm/1642"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://chromium.googlesource.com/",
          "defaultStatus": "unaffected",
          "packageName": "libvpx",
          "product": "libvpx",
          "repo": "https://chromium.googlesource.com/webm/libvpx",
          "vendor": "Chromium",
          "versions": [
            {
              "lessThan": "1.13.1",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-10-15T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A heap overflow vulnerability exists in libvpx -\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEncoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx.\u003c/span\u003e\u003cbr\u003eWe recommend upgrading to version 1.13.1 or above"
            }
          ],
          "value": "A heap overflow vulnerability exists in libvpx -\u00a0Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx.\nWe recommend upgrading to version 1.13.1 or above"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "AUTOMATIC",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/S:N/AU:N/R:A/V:D",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-27T11:26:58.207Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://crbug.com/webm/1642"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Heap overflow in libvpx",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-6349",
    "datePublished": "2024-05-27T11:26:58.207Z",
    "dateReserved": "2023-11-28T01:49:37.568Z",
    "dateUpdated": "2024-08-02T08:28:21.518Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-23922 (GCVE-0-2020-23922)

Vulnerability from cvelistv5 – Published: 2021-04-21 17:41 – Updated: 2024-08-04 15:05

Summary

An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://sourceforge.net/p/giflib/bugs/151/	x_refsource_MISC
	https://lists.apache.org/thread.html/rf4c02775860…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r58af02e294b…	mailing-listx_refsource_MLIST
	https://cwe.mitre.org/data/definitions/126.html	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:05:11.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/giflib/bugs/151/"
          },
          {
            "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cwe.mitre.org/data/definitions/126.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-10T20:19:43.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/giflib/bugs/151/"
        },
        {
          "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cwe.mitre.org/data/definitions/126.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-23922",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/giflib/bugs/151/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/giflib/bugs/151/"
            },
            {
              "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "https://cwe.mitre.org/data/definitions/126.html",
              "refsource": "MISC",
              "url": "https://cwe.mitre.org/data/definitions/126.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-23922",
    "datePublished": "2021-04-21T17:41:06.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:05:11.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39329 (GCVE-0-2023-39329)

Vulnerability from cvelistv5 – Published: 2024-07-13 03:09 – Updated: 2026-03-09 19:01

Title

Openjpeg: resource exhaustion will occur in the opj_t1_decode_cblks function in the tcd.c

Summary

A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2026:4128	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-39329	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2295816	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 2.5.0 (semver)

Red Hat	Red Hat AI Inference Server 3.2	Unaffected: sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92 , < * (rpm) cpe:/a:redhat:ai_inference_server:3.2::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39329",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-13T20:14:44.693644Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-13T20:14:53.947Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:02:06.920Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-39329"
          },
          {
            "name": "RHBZ#2295816",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295816"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.openjpeg.org/",
          "packageName": "openjpeg",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/model-opt-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "openjpeg",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "openjpeg",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "openjpeg2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp:flatpak/openjpeg2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "inkscape:flatpak/openjpeg2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libreoffice:flatpak/openjpeg2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "openjpeg2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "openjpeg2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-07-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-09T19:01:51.075Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:4128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4128"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-39329"
        },
        {
          "name": "RHBZ#2295816",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295816"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-04T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-07-04T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Openjpeg: resource exhaustion will occur in the opj_t1_decode_cblks function in the tcd.c",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-39329",
    "datePublished": "2024-07-13T03:09:18.573Z",
    "dateReserved": "2023-07-27T18:04:08.248Z",
    "dateUpdated": "2026-03-09T19:01:51.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-32296 (GCVE-0-2022-32296)

Vulnerability from cvelistv5 – Published: 2022-06-05 21:53 – Updated: 2024-08-03 07:39

Summary

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://git.kernel.org/cgit/linux/kernel/git/torv…	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2022/dsa-5173	vendor-advisoryx_refsource_DEBIAN
	https://arxiv.org/abs/2209.12993	x_refsource_MISC
	https://github.com/0xkol/rfc6056-device-tracker	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:50.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9"
          },
          {
            "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
          },
          {
            "name": "DSA-5173",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5173"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://arxiv.org/abs/2209.12993"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/0xkol/rfc6056-device-tracker"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (\"Double-Hash Port Selection Algorithm\") of RFC 6056."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-28T14:06:37.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9"
        },
        {
          "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
        },
        {
          "name": "DSA-5173",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5173"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://arxiv.org/abs/2209.12993"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/0xkol/rfc6056-device-tracker"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-32296",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (\"Double-Hash Port Selection Algorithm\") of RFC 6056."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5",
              "refsource": "MISC",
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9"
            },
            {
              "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
            },
            {
              "name": "DSA-5173",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5173"
            },
            {
              "name": "https://arxiv.org/abs/2209.12993",
              "refsource": "MISC",
              "url": "https://arxiv.org/abs/2209.12993"
            },
            {
              "name": "https://github.com/0xkol/rfc6056-device-tracker",
              "refsource": "MISC",
              "url": "https://github.com/0xkol/rfc6056-device-tracker"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-32296",
    "datePublished": "2022-06-05T21:53:54.000Z",
    "dateReserved": "2022-06-05T00:00:00.000Z",
    "dateUpdated": "2024-08-03T07:39:50.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39327 (GCVE-0-2023-39327)

Vulnerability from cvelistv5 – Published: 2024-07-13 03:08 – Updated: 2026-03-09 19:02

Title

Openjpeg: malicious files can cause the program to enter a large loop

Summary

A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2026:4128	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-39327	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2295812	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 2.5.0 (semver)

Red Hat	Red Hat AI Inference Server 3.2	Unaffected: sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92 , < * (rpm) cpe:/a:redhat:ai_inference_server:3.2::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39327",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-13T20:06:56.934415Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-13T20:07:07.965Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:02:06.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-39327"
          },
          {
            "name": "RHBZ#2295812",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295812"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.openjpeg.org/",
          "packageName": "openjpeg",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/model-opt-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "openjpeg",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "openjpeg",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "openjpeg2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp:flatpak/openjpeg2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "inkscape:flatpak/openjpeg2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libreoffice:flatpak/openjpeg2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "openjpeg2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "openjpeg2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-07-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-09T19:02:13.688Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:4128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4128"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-39327"
        },
        {
          "name": "RHBZ#2295812",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295812"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-04T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-07-04T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Openjpeg: malicious files can cause the program to enter a large loop",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-39327",
    "datePublished": "2024-07-13T03:08:48.501Z",
    "dateReserved": "2023-07-27T18:04:08.247Z",
    "dateUpdated": "2026-03-09T19:02:13.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25990 (GCVE-0-2026-25990)

Vulnerability from cvelistv5 – Published: 2026-02-11 20:53 – Updated: 2026-02-12 04:45

Title

Pillow has an out-of-bounds write when loading PSD images

Summary

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Severity ?

8.9 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

CWE

CWE-787 - Out-of-bounds Write

Assigner

GitHub_M

References

URL

Tags

	https://github.com/python-pillow/Pillow/security/…	x_refsource_CONFIRM
	https://github.com/python-pillow/Pillow/commit/90…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	python-pillow	Pillow	Affected: >= 10.3.0, < 12.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T21:21:01.646207Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-11T21:30:18.982Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-12T04:45:38.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/02/12/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pillow",
          "vendor": "python-pillow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 10.3.0, \u003c 12.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-11T20:53:52.524Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
        },
        {
          "name": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
        }
      ],
      "source": {
        "advisory": "GHSA-cfh3-3jmp-rvhc",
        "discovery": "UNKNOWN"
      },
      "title": "Pillow has an out-of-bounds write when loading PSD images"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25990",
    "datePublished": "2026-02-11T20:53:52.524Z",
    "dateReserved": "2026-02-09T17:41:55.858Z",
    "dateUpdated": "2026-02-12T04:45:38.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45341 (GCVE-0-2024-45341)

Vulnerability from cvelistv5 – Published: 2025-01-28 01:03 – Updated: 2025-02-21 18:03

Title

Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509

Summary

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-295 - Improper Certificate Validation

Assigner

References

URL

Tags

	https://go.dev/cl/643099
	https://go.dev/issue/71156
	https://groups.google.com/g/golang-dev/c/bG8cv1mu…
	https://groups.google.com/g/golang-dev/c/CAWXhan3…
	https://pkg.go.dev/vuln/GO-2025-3373

Impacted products

	Vendor	Product	Version
	Go standard library	crypto/x509	Affected: 0 , < 1.22.11 (semver) Affected: 1.23.0-0 , < 1.23.5 (semver) Affected: 1.24.0-0 , < 1.24.0-rc.2 (semver)

Credits

Juho Forsén of Mattermost

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45341",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T14:57:00.467281Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T15:16:58.278Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-21T18:03:33.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250221-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/x509",
          "product": "crypto/x509",
          "programRoutines": [
            {
              "name": "matchURIConstraint"
            },
            {
              "name": "CertPool.AppendCertsFromPEM"
            },
            {
              "name": "Certificate.CheckCRLSignature"
            },
            {
              "name": "Certificate.CheckSignature"
            },
            {
              "name": "Certificate.CheckSignatureFrom"
            },
            {
              "name": "Certificate.CreateCRL"
            },
            {
              "name": "Certificate.Verify"
            },
            {
              "name": "Certificate.VerifyHostname"
            },
            {
              "name": "CertificateRequest.CheckSignature"
            },
            {
              "name": "CreateCertificate"
            },
            {
              "name": "CreateCertificateRequest"
            },
            {
              "name": "CreateRevocationList"
            },
            {
              "name": "DecryptPEMBlock"
            },
            {
              "name": "EncryptPEMBlock"
            },
            {
              "name": "HostnameError.Error"
            },
            {
              "name": "MarshalECPrivateKey"
            },
            {
              "name": "MarshalPKCS1PrivateKey"
            },
            {
              "name": "MarshalPKCS1PublicKey"
            },
            {
              "name": "MarshalPKCS8PrivateKey"
            },
            {
              "name": "MarshalPKIXPublicKey"
            },
            {
              "name": "ParseCRL"
            },
            {
              "name": "ParseCertificate"
            },
            {
              "name": "ParseCertificateRequest"
            },
            {
              "name": "ParseCertificates"
            },
            {
              "name": "ParseDERCRL"
            },
            {
              "name": "ParseECPrivateKey"
            },
            {
              "name": "ParsePKCS1PrivateKey"
            },
            {
              "name": "ParsePKCS1PublicKey"
            },
            {
              "name": "ParsePKCS8PrivateKey"
            },
            {
              "name": "ParsePKIXPublicKey"
            },
            {
              "name": "ParseRevocationList"
            },
            {
              "name": "RevocationList.CheckSignatureFrom"
            },
            {
              "name": "SetFallbackRoots"
            },
            {
              "name": "SystemCertPool"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.22.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.5",
              "status": "affected",
              "version": "1.23.0-0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.24.0-rc.2",
              "status": "affected",
              "version": "1.24.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juho Fors\u00e9n of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-30T19:14:21.421Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/643099"
        },
        {
          "url": "https://go.dev/issue/71156"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-3373"
        }
      ],
      "title": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-45341",
    "datePublished": "2025-01-28T01:03:24.353Z",
    "dateReserved": "2024-08-27T19:41:58.556Z",
    "dateUpdated": "2025-02-21T18:03:33.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:4128

CVE-2024-50613 (GCVE-0-2024-50613)

CVE-2022-32189 (GCVE-0-2022-32189)

CVE-2023-6349 (GCVE-0-2023-6349)

CVE-2020-23922 (GCVE-0-2020-23922)

CVE-2023-39329 (GCVE-0-2023-39329)

CVE-2022-32296 (GCVE-0-2022-32296)

CVE-2023-39327 (GCVE-0-2023-39327)

CVE-2026-25990 (GCVE-0-2026-25990)

CVE-2024-45341 (GCVE-0-2024-45341)

Tags

Sightings

Nomenclature