ovmf

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the ovmf package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Integer Overflow or Wraparound	*
L Improper Handling of Missing Special Element	*
L NULL Pointer Dereference	*
L CVE-2026-28387	*
L Buffer Access with Incorrect Length Value	*
M NULL Pointer Dereference	*
M Incorrect Calculation of Buffer Size	*
L Missing Required Cryptographic Step	*
M Improper Handling of Parameters	*
L Access of Resource Using Incompatible Type ('Type Confusion')	*
L Allocation of Resources Without Limits or Throttling	*
L Improper Validation of Specified Type of Input	*
L NULL Pointer Dereference	*
L Access of Resource Using Incompatible Type ('Type Confusion')	*
L NULL Pointer Dereference	*
L Out-of-bounds Write	*
L Improper Validation of Specified Quantity in Input	*
L Out-of-bounds Write	*
L Improper Certificate Validation	*
L Covert Timing Channel	*
M Access of Resource Using Incompatible Type ('Type Confusion')	*
L Information Exposure	*
L Use After Free	*
L Reversible One-Way Hash	*
L Resource Exhaustion	*
M Resource Exhaustion	*
M Improper Certificate Validation	*
L Improper Certificate Validation	*
L Resource Exhaustion	*
H Incorrect Type Conversion or Cast	*
M Use After Free	*
M Information Exposure	*
L NULL Pointer Dereference	*
M Missing Required Cryptographic Step	*
M Arbitrary Command Injection	*
M Buffer Underflow	*
M Arbitrary Command Injection	*
M Improper Input Validation	*
H Out-of-Bounds	*
M Buffer Overflow	*
M Integer Overflow or Wraparound	*
M Resource Exhaustion	*
M Uncontrolled Recursion	*
M Integer Overflow or Wraparound	*
M NULL Pointer Dereference	*
M Unchecked Return Value	*
M Incorrect Authorization	*
M NULL Pointer Dereference	*