Lucene search
K

2466 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.4 views

Amazon Linux 2023 : fontforge, fontforge-devel (ALAS2023-2026-1378)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1378 advisory. FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User...

8.8CVSS6.1AI score0.0058EPSS
Exploits0References8
AlmaLinux
AlmaLinux
added 2026/02/05 12:0 a.m.5 views

Important: fontforge security update

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: FontForge: Remote Code Execution via heap-based buffer...

8.8CVSS6.6AI score0.0058EPSS
Exploits0References8
OSV
OSV
added 2026/02/05 12:0 a.m.2 views

ALSA-2026:2039 Important: fontforge security update

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: FontForge: Remote Code Execution via heap-based buffer...

8.8CVSS6.6AI score0.0058EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/03 2:4 p.m.5 views

CVE-2026-24133

A flaw was found in jsPDF. A remote attacker can exploit this vulnerability by providing specially crafted BMP image data or URLs to the addImage or html methods. This can cause the application to allocate excessive memory, leading to an out-of-memory error and a denial of service DoS. Mitigation...

8.7CVSS5.2AI score0.00559EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/02/02 8:32 p.m.2 views

CVE-2026-24133 jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in...

8.7CVSS5.3AI score0.00559EPSS
Exploits1References3
CVE
CVE
added 2026/02/02 8:32 p.m.31 views

CVE-2026-24133

The CVE-2026-24133 issue affects jsPDF (prior to 4.1.0) where user control of the first addImage argument allows denial of service when processing unvalidated BMP data or URLs, including via the html method. Harmful BMP headers with large width/height trigger excessive memory allocations, leading...

8.7CVSS5.3AI score0.00559EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/02 8:32 p.m.25 views

CVE-2026-24133 jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in...

8.7CVSS0.00559EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/02/02 6:29 p.m.8 views

jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

Impact User control of the first argument of the addImage method results in Denial of Service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP file...

8.7CVSS5.3AI score0.00559EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/02 6:29 p.m.2 views

GHSA-95FX-JJR5-F39C jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

Impact User control of the first argument of the addImage method results in Denial of Service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP file...

8.7CVSS5.4AI score0.00559EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.6 views

PT-2026-5719

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.1.0 Description jsPDF is a JavaScript library used to generate PDFs. A flaw exists where user-controlled input to the addImage method can lead to a denial of service. Specifically, providing a malicious BMP image with...

8.7CVSS5.3AI score0.00559EPSS
Exploits1References11
OSV
OSV
added 2026/01/27 4:16 p.m.9 views

AZL-75290 CVE-2025-69419 affecting package openssl for versions less than 3.3.5-3

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS7.2AI score0.00444EPSS
Exploits1References1
OSV
OSV
added 2026/01/27 4:16 p.m.7 views

AZL-76152 CVE-2025-69419 affecting package hvloader for versions less than 1.0.1-18

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS7.2AI score0.00444EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : autotrace-0.31.1-65.el9 (AXSA:2023-5497:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5497:01 advisory. autotrace: heap-buffer overflow via the ReadImage at input-bmp.c CVE-2022-32323 Tenable has extracted the preceding description block directly from the...

7.3CVSS7.5AI score0.00759EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.322.b06-2.el8 (AXSA:2022-3023:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3023:02 advisory. OpenJDK: Incomplete deserialization class filtering in ObjectInputStream Serialization, 8264934 CVE-2022-21248 OpenJDK: Insufficient URI checks in t...

5.3CVSS5.8AI score0.08346EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 7 : java-11-openjdk-11.0.13.0.8-1.el7 (AXSA:2021-2490:12)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2490:12 advisory. OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using...

7.1CVSS6.3AI score0.14839EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : java-11-openjdk-11.0.13.0.8-1.el8 (AXSA:2021-2492:13)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2492:13 advisory. OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using...

7.1CVSS6.5AI score0.14839EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : libtiff-3.9.4-21.AXS4 (AXSA:2017-1285:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1285:01 advisory. The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file...

9.8CVSS8.2AI score0.04767EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 7 : libtiff-4.0.3-35.0.3.el7.AXS7 (AXSA:2025-10907:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10907:02 advisory. CVE-2017-9117: add checks for all BMP reading operations to avoid buffer overflow CVEs: CVE-2017-9117 In LibTIFF 4.0.6 and possibly other versions, the...

9.8CVSS7.3AI score0.02221EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 7 : ImageMagick-6.9.10.68-7.0.7.el7.AXS7 (AXSA:2025-11533:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11533:04 advisory. CVE-2025-62171: add overflow check before calculating extent in the BMP decoder CVEs: CVE-2025-62171 ImageMagick is an open source software suite for...

8.8CVSS7.2AI score0.00794EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.7 views

CVE-2021-33657

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution...

8.8CVSS7.1AI score0.01986EPSS
Exploits0References1
Rows per page
Query Builder