dnsmasq: NSEC bitmap parsing infinite loop

A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...

dnsmasq: NSEC bitmap parsing infinite loop

A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...

CVE-2026-4890

A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: fontforge (UTSA-2026-014309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014309 advisory. FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary cod...

fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing

A flaw was found in FontForge. This heap-based buffer overflow vulnerability occurs during the parsing of pixels within BMP Bitmap files, due to insufficient validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a malicious BMP file or...

Microsoft Windows GDI Bitmap Parsing Out-Of-Bound Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. Interaction with the GDI library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...

SUSE-SU-2026:20435-1 Security update for fontforge

This update for fontforge fixes the following issues: Update to version 20251009. Security issues fixed: - CVE-2025-15279: remote code execution via heap-based buffer overflow in BMP file parsing bsc1256013. - CVE-2025-15269: remote code execution via use-after-free in SFD file parsing bsc1256032...

Updated fontforge packages fix security vulnerabilities

FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. CVE-2025-15269 FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. CVE-2025-15270 FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability...

fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing

A flaw was found in FontForge. This heap-based buffer overflow vulnerability occurs during the parsing of pixels within BMP Bitmap files, due to insufficient validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a malicious BMP file or...

fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing

A flaw was found in FontForge. This heap-based buffer overflow vulnerability occurs during the parsing of pixels within BMP Bitmap files, due to insufficient validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a malicious BMP file or...

fontforge security update

An update is available for fontforge. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FontForge is a font editor for outline and bitmap fonts. It supports a rang...

fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing

A flaw was found in FontForge. This heap-based buffer overflow vulnerability occurs during the parsing of pixels within BMP Bitmap files, due to insufficient validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a malicious BMP file or...

fontforge security update

20201107-7 - Resolves: RHEL-138206 CVE-2025-15279 GUtils BMP File Parsing Heap-based Buffer Overflow - Resolves: RHEL-138228 CVE-2025-15275 SFD File Parsing Heap-based Buffer Overflow - Resolves: RHEL-138158 CVE-2025-15269 SFD File Parsing Use-After-Free...

Important: fontforge

Issue Overview: FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

RHEL 9 : fontforge (RHSA-2026:2039)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2039 advisory. FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1,...

CVE-2025-15279

FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2025-15278 FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability

FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

RLSA-2025:21968 Important: gimp security update

The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP DCM...

CVE-2025-10923

GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

EUVD-2013-5490

Malware in sbrugna...