Red Hat Security Advisory: Red Hat AI Inference Server 3.3.3 (ROCm)
🔗 CVE IDs covered (20)
📋 Description
CVE-2023-40403 — libxslt: Processing web content may disclose sensitive information CVE-2025-14831 — gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification CVE-2026-3497 — openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables CVE-2026-4111 — libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive CVE-2026-4424 — libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing CVE-2026-4519 — python: Python: Command-line option injection in webbrowser.open() via crafted URLs CVE-2026-5121 — libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing CVE-2026-5201 — gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image CVE-2026-23868 — giflib: Giflib: Double-free vulnerability leading to memory corruption CVE-2026-25749 — vim: Vim: Arbitrary code execution via 'helpfile' option processing CVE-2026-26209 — cbor2: cbor2: Denial of Service due to uncontrolled recursion via crafted CBOR payloads CVE-2026-27135 — nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27622 — openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVE-2026-28417 — vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28421 — vim: Vim: Denial of service and information disclosure via crafted swap file CVE-2026-30922 — pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion CVE-2026-33412 — vim: Vim: Arbitrary code execution via command injection in glob() function CVE-2026-40192 — Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing CVE-2026-42309 — Pillow: Pillow: Denial of Service via specially crafted coordinate input CVE-2026-42310 — Pillow: Pillow: Denial of Service via malicious PDF processing
🔗 References (26)
- selfhttps://access.redhat.com/errata/RHSA-2026:16009
- externalhttps://www.redhat.com/en/products/ai/inference-server
- externalhttps://access.redhat.com/security/cve/CVE-2023-40403
- externalhttps://access.redhat.com/security/cve/CVE-2025-14831
- externalhttps://access.redhat.com/security/cve/CVE-2026-23868
- externalhttps://access.redhat.com/security/cve/CVE-2026-25749
- externalhttps://access.redhat.com/security/cve/CVE-2026-26209
- externalhttps://access.redhat.com/security/cve/CVE-2026-27135
- externalhttps://access.redhat.com/security/cve/CVE-2026-27622
- externalhttps://access.redhat.com/security/cve/CVE-2026-28417
- externalhttps://access.redhat.com/security/cve/CVE-2026-28421
- externalhttps://access.redhat.com/security/cve/CVE-2026-30922
- externalhttps://access.redhat.com/security/cve/CVE-2026-33412
- externalhttps://access.redhat.com/security/cve/CVE-2026-3497
- externalhttps://access.redhat.com/security/cve/CVE-2026-40192
- externalhttps://access.redhat.com/security/cve/CVE-2026-4111
- externalhttps://access.redhat.com/security/cve/CVE-2026-42308
- externalhttps://access.redhat.com/security/cve/CVE-2026-42309
- externalhttps://access.redhat.com/security/cve/CVE-2026-42310
- externalhttps://access.redhat.com/security/cve/CVE-2026-42311
- externalhttps://access.redhat.com/security/cve/CVE-2026-4424
- externalhttps://access.redhat.com/security/cve/CVE-2026-4519
- externalhttps://access.redhat.com/security/cve/CVE-2026-5121
- externalhttps://access.redhat.com/security/cve/CVE-2026-5201
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16009.json