Search for packages
| purl | pkg:deb/debian/mesa@20.3.5-1 |
| Next non-vulnerable version | 24.3.4-3 |
| Latest non-vulnerable version | 25.2.6-1~bpo13+1 |
| Risk | 2.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-pfdb-qy35-hkh9
Aliases: CVE-2026-40393 |
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-zkay-7cyh-nkb4 | mesa: security bypass in 3D library graphics |
CVE-2019-5068
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T12:24:42.340867+00:00 | Debian Importer | Affected by | VCID-pfdb-qy35-hkh9 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-15T23:29:40.664712+00:00 | Debian Oval Importer | Fixing | VCID-zkay-7cyh-nkb4 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.4.0 |
| 2026-04-14T03:08:04.991840+00:00 | Debian Importer | Affected by | VCID-pfdb-qy35-hkh9 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T23:04:58.488660+00:00 | Debian Oval Importer | Fixing | VCID-zkay-7cyh-nkb4 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.3.0 |
| 2026-04-08T22:38:45.320314+00:00 | Debian Oval Importer | Fixing | VCID-zkay-7cyh-nkb4 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.1.0 |