New Project Zero issue:

libheif: Heap-based Buffer Overflow in Uncompressed Image Tiled Decoding

https://project-zero.issues.chromium.org/issues/507396184

CVE-2026-47178

New Project Zero issue:

vpu driver close instance ioctl races with itself causing UAF

https://project-zero.issues.chromium.org/issues/493643407

CVE-2026-0163

New Project Zero issue:

Linux: recursively oopsing task can get preempted while TASK_DEAD, causing stack refcount overdecrement

https://project-zero.issues.chromium.org/issues/510793286

CVE-2026-46173

New Project Zero issue:

apple-zlib: uninitialized memory leak during decompression in inflate

https://project-zero.issues.chromium.org/issues/488250572

CVE-2026-28920

New Project Zero issue:

Linux >=6.10: io_uring: kernel memory read via unchecked address in ITER_UBUF/ITER_IOVEC iov_iter combined with non-checking nocache/flushcache accessors

https://project-zero.issues.chromium.org/issues/496923375

CVE-2026-43073

New Project Zero issue:

Adobe DNG SDK: heap corruption via negative pointer in dng_simple_image::Trim due to DefaultCropArea logic error

https://project-zero.issues.chromium.org/issues/479151242

CVE-2026-27259

New Project Zero issue:

Adobe DNG SDK: inconsistency between kMaxColorPlanes and kMaxSamplesPerPixel leads to multiple memory corruption issues

https://project-zero.issues.chromium.org/issues/477557327

CVE-2026-27258

New Project Zero issue:

Adobe DNG SDK: systemic out-of-bounds reads in rendering routines due to lack of NaN validation and missing index lower-bound checks

https://project-zero.issues.chromium.org/issues/480916830

CVE-2026-27260

New Project Zero issue:

Adobe DNG SDK: out-of-bounds write in dng_render_task::ProcessArea due to coordinate system confusion

https://project-zero.issues.chromium.org/issues/479111319

CVE-2026-27280

New Project Zero issue:

Adobe DNG SDK: integer overflow in dng_pixel_buffer::OptimizeOrder leads to out-of-bounds memory access

https://project-zero.issues.chromium.org/issues/478212931

CVE-2026-27281

New Project Zero issue:

Windows: OSK Shared Session Key EoP

https://project-zero.issues.chromium.org/issues/466303419

CVE-2026-24291

New Project Zero issue:

Windows: ATBroker CopySettingsToLockedDesktop Information Disclosure

https://project-zero.issues.chromium.org/issues/466301558

CVE-2026-25186

New Project Zero issue:

Windows: WinLogon WlAccessabilitypDeleteSATKey Registry Deletion EoP

https://project-zero.issues.chromium.org/issues/466300525

CVE-2026-25187

New Project Zero issue:

vpu driver allocation and free of dmabuf and iova can race causing UAF read

https://project-zero.issues.chromium.org/issues/465824679

CVE-2026-0121

New Project Zero issue:

vpu driver open and close instance ioctls race causing UAF

https://project-zero.issues.chromium.org/issues/463672550

CVE-2026-0112

New Project Zero issue:

vpu driver mmap allows OOB physical mappings

https://project-zero.issues.chromium.org/issues/463438263

CVE-2026-0106

New Project Zero issue:

Adobe DNG SDK: integer overflow in dng_ref_counted_block::Allocate leads to memory corruption on 32-bit platforms

https://project-zero.issues.chromium.org/issues/467941645

CVE-2026-21353

New Project Zero issue:

Adobe DNG SDK: missing allocation check leads to an arbitrary memory write in JXL format processing

https://project-zero.issues.chromium.org/issues/464250765

CVE-2026-21352

New Project Zero issue:

Adobe DNG SDK: multiple integer arithmetic issues in embedded JXL image support

https://project-zero.issues.chromium.org/issues/463335147

CVE-2026-21354

New Project Zero issue:

Samsung: libimagecodec.quram.so DNG out-of-bounds read in DoCopyArea16_R32 during the Render phase

https://project-zero.issues.chromium.org/issues/457401481

CVE-2026-20973