Nixpkgs security tracker

Untriaged

Permalink CVE-2026-24800

created 2 months, 2 weeks ago

A heap-based buffer over-read or buffer overflow in tildearrow/furnace

Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C.

References

https://github.com/tildearrow/furnace/pull/2471 patch

Affected products

furnace

<0.6.8.3

Matching in nixpkgs

pkgs.furnace

Multi-system chiptune tracker compatible with DefleMask modules

nixos-unstable 0.6.8.3
- nixpkgs-unstable 0.6.8.3
- nixos-unstable-small 0.6.8.3
nixos-25.11 0.6.8.3
- nixpkgs-25.11-darwin 0.6.8.3

pkgs.python312Packages.waterfurnace

Python interface to waterfurnace geothermal systems

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.python313Packages.waterfurnace