Ghostscript OpenSC and CGIF memory corruption flaws memory corruption flaw
Vulnerability
Summary
Hide ▲
Show ▼
Ghostscript, OpenSC, and CGIF were among the open-source libraries affected by a newly disclosed batch of more than 500 previously unknown high-severity flaws. The weaknesses included a missing bounds check, a buffer overflow, and a heap buffer overflow, with some issues already patched by maintainers. The disclosure matters because it expands remediation work across widely used libraries and exposes deployed software to memory-corruption risk.
Related Happenings
FFmpeg parser/demuxer overflows (multiple vulnerabilities)
Vulnerability
H score36
First: 06.06.2026 10:28
Last: 06.06.2026 10:28
Sources 1
About this happening:
**FFmpeg** now has **21 confirmed zero-days**, creating risk for any product that bundles the media library and processes untrusted video input. The findings include **heap and st...
FFmpeg parser/demuxer overflows (multiple vulnerabilities)
VulnerabilityAbout this happening: **FFmpeg** now has **21 confirmed zero-days**, creating risk for any product that bundles the media library and processes untrusted video input. The findings include **heap and st...
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
H score26
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/ServiceAbout this happening: Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Widespread end-of-life package exposure across major open-source registries
Trend
H score59
First: 05.05.2026 17:00
Last: 05.05.2026 17:00
Sources 1
About this happening:
End-of-life open source packages remain widespread across **major registries**, leaving **enterprise dependency graphs** exposed to versions with no patch path and limited CVE cov...
Widespread end-of-life package exposure across major open-source registries
TrendAbout this happening: End-of-life open source packages remain widespread across **major registries**, leaving **enterprise dependency graphs** exposed to versions with no patch path and limited CVE cov...
OpenNDS zero-day vulnerabilities (multiple vulnerabilities)
Vulnerability
H score0
First: 17.04.2026 16:20
Last: 17.04.2026 16:20
Sources 1
About this happening:
Researchers uncovered **four new zero-day vulnerabilities** in **OpenNDS**, creating unknown-risk exposure in a **widely deployed** software component. The flaws were found using...
OpenNDS zero-day vulnerabilities (multiple vulnerabilities)
VulnerabilityAbout this happening: Researchers uncovered **four new zero-day vulnerabilities** in **OpenNDS**, creating unknown-risk exposure in a **widely deployed** software component. The flaws were found using...
MCP STDIO arbitrary command execution security flaw
Vulnerability
H score53
First: 16.04.2026 12:40
Last: 16.04.2026 12:40
Sources 1
About this happening:
A **critical MCP flaw** in the **STDIO interface** can trigger **arbitrary command execution**, putting **connected AI systems** at risk of **data exposure** and **system takeover...
MCP STDIO arbitrary command execution security flaw
VulnerabilityAbout this happening: A **critical MCP flaw** in the **STDIO interface** can trigger **arbitrary command execution**, putting **connected AI systems** at risk of **data exposure** and **system takeover...
Timeline
-
06.02.2026 07:49 1 articles · 5mo ago
Claude Opus 4.6 flaw disclosure
Technical Analysis UpdateAnthropic disclosed that Claude Opus 4.6 found more than 500 previously unknown high-severity security flaws in open-source libraries including Ghostscript, OpenSC, and CGIF, and said its Frontier Red Team tested the model in a virtualized environment with debuggers and fuzzers, validated every discovered flaw to avoid hallucinations, and used the results to prioritize severe memory-corruption bugs; some defects have already been patched by the respective maintainers, including a CGIF heap buffer overflow fixed in version 0.5.1.
Show sources
- Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries — thehackernews.com — 06.02.2026 07:49