2466 matches found
Amazon Linux 2023 : fontforge, fontforge-devel (ALAS2023-2026-1378)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1378 advisory. FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User...
Important: fontforge security update
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: FontForge: Remote Code Execution via heap-based buffer...
ALSA-2026:2039 Important: fontforge security update
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: FontForge: Remote Code Execution via heap-based buffer...
CVE-2026-24133
A flaw was found in jsPDF. A remote attacker can exploit this vulnerability by providing specially crafted BMP image data or URLs to the addImage or html methods. This can cause the application to allocate excessive memory, leading to an out-of-memory error and a denial of service DoS. Mitigation...
CVE-2026-24133 jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in...
CVE-2026-24133
The CVE-2026-24133 issue affects jsPDF (prior to 4.1.0) where user control of the first addImage argument allows denial of service when processing unvalidated BMP data or URLs, including via the html method. Harmful BMP headers with large width/height trigger excessive memory allocations, leading...
CVE-2026-24133 jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in...
jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
Impact User control of the first argument of the addImage method results in Denial of Service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP file...
GHSA-95FX-JJR5-F39C jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
Impact User control of the first argument of the addImage method results in Denial of Service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP file...
PT-2026-5719
Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.1.0 Description jsPDF is a JavaScript library used to generate PDFs. A flaw exists where user-controlled input to the addImage method can lead to a denial of service. Specifically, providing a malicious BMP image with...
AZL-75290 CVE-2025-69419 affecting package openssl for versions less than 3.3.5-3
Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...
AZL-76152 CVE-2025-69419 affecting package hvloader for versions less than 1.0.1-18
Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...
MiracleLinux 9 : autotrace-0.31.1-65.el9 (AXSA:2023-5497:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5497:01 advisory. autotrace: heap-buffer overflow via the ReadImage at input-bmp.c CVE-2022-32323 Tenable has extracted the preceding description block directly from the...
MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.322.b06-2.el8 (AXSA:2022-3023:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3023:02 advisory. OpenJDK: Incomplete deserialization class filtering in ObjectInputStream Serialization, 8264934 CVE-2022-21248 OpenJDK: Insufficient URI checks in t...
MiracleLinux 7 : java-11-openjdk-11.0.13.0.8-1.el7 (AXSA:2021-2490:12)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2490:12 advisory. OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using...
MiracleLinux 8 : java-11-openjdk-11.0.13.0.8-1.el8 (AXSA:2021-2492:13)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2492:13 advisory. OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using...
MiracleLinux 4 : libtiff-3.9.4-21.AXS4 (AXSA:2017-1285:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1285:01 advisory. The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file...
MiracleLinux 7 : libtiff-4.0.3-35.0.3.el7.AXS7 (AXSA:2025-10907:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10907:02 advisory. CVE-2017-9117: add checks for all BMP reading operations to avoid buffer overflow CVEs: CVE-2017-9117 In LibTIFF 4.0.6 and possibly other versions, the...
MiracleLinux 7 : ImageMagick-6.9.10.68-7.0.7.el7.AXS7 (AXSA:2025-11533:04)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11533:04 advisory. CVE-2025-62171: add overflow check before calculating extent in the BMP decoder CVEs: CVE-2025-62171 ImageMagick is an open source software suite for...
CVE-2021-33657
There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution...