Category Archives: Advisories

ZDI-25-193: Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2025-24182.

Read More

ZDI-25-188: Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Read Time:16 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AudioToolboxCore library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2025-24244.

Read More

USN-7400-1: PHP vulnerabilities

Read Time:59 Second

It was discovered that PHP incorrectly handle certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2024-11235)

It was discovered that PHP incorrectly handle certain folded headers.
An attacker could possibly use this issue to cause a crash or
execute arbritrary code. (CVE-2025-1217)

It was discovered that PHP incorrectly handled certain headers.
An attacker could possibly use this issue to expose sensitive information
or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS
Ubuntu 24.10, and Ubuntu 24.04 LTS. (CVE-2025-1219)

It was discovered that PHP incorrectly handle certain headers with invalid
name and no colon. An attacker could possibly use this issue to confuse
applications into accepting invalid headers causing code injection.
(CVE-2025-1734)

It was discovered that PHP incorrectly handled certain headers.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.10, and Ubuntu 24.04
LTS. (CVE-2025-1736)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive
information. (CVE-2025-1861)

Read More

USN-7398-1: libtar vulnerabilities

Read Time:27 Second

It was discovered that libtar may perform out-of-bounds reads when
processing specially crafted tar files. An attacker could possibly use
this issue to cause libtar to crash, resulting in a denial of service,
or execute arbitrary code. (CVE-2021-33643, CVE-2021-33644)

It was discovered that libtar contained a memory leak due to failing
to free a variable, causing performance degradation. An attacker
could possibly use this issue to cause libtar to crash, resulting in a
denial of service. (CVE-2021-33645, CVE-2021-33646)

Read More

USN-7397-1: AOM vulnerability

Read Time:11 Second

Xiantong Hou discovered that AOM did not properly handle certain malformed
media files. If an application using AOM opened a specially crafted file, a
remote attacker could cause a denial of service, or possibly execute
arbitrary code.

Read More