GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in wh

Arbitrary writes via tarfile realpath overflow

Use-after-free in "unicode_escape" decoder with error handler

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.

Libsoup: null pointer dereference in libsoup may lead to denial of service

Tarfile extracts filtered members when errorlevel=0

Ring: some aes functions may panic when overflow checking is enabled in ring

net-imap rubygem vulnerable to possible DoS by memory exhaustion

Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar

Chromium: CVE-2025-4372 Use after free in WebAudio

Extraction filter bypass for linking outside extraction directory

PyTorch nccl.py torch.cuda.nccl.reduce denial of service

PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

Chromium: CVE-2025-4096 Heap buffer overflow in HTML

JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow

Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow

Perl threads have a working directory race condition where file operations may target unintended paths