freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit this vulnerability when a client connects to it. Specifically, offscreen bitmap deletion can lead to a use-after-free UAF condition, where the client attempts to use memory that has...

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

SUSE-SU-2026:20435-1 Security update for fontforge

This update for fontforge fixes the following issues: Update to version 20251009. Security issues fixed: - CVE-2025-15279: remote code execution via heap-based buffer overflow in BMP file parsing bsc1256013. - CVE-2025-15269: remote code execution via use-after-free in SFD file parsing bsc1256032...

CLSA-2026-1771011128 freerdp: Fix of 2 CVEs

CVE-2026-22857: fix heap use-after-free in irpthreadfunc when serialprocessirp fails - CVE-2026-23530: fix heap buffer overflow in planar bitmap decompression due to missing nSrcWidth/nSrcHeight validation...

GIMP 安全漏洞

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability that can lead to a denial-of-service attack due to specially crafted PSP image files...

Updated fontforge packages fix security vulnerabilities

FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. CVE-2025-15269 FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. CVE-2025-15270 FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability...

fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing

A flaw was found in FontForge. This heap-based buffer overflow vulnerability occurs during the parsing of pixels within BMP Bitmap files, due to insufficient validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a malicious BMP file or...

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit this vulnerability when a client connects to it. Specifically, offscreen bitmap deletion can lead to a use-after-free UAF condition, where the client attempts to use memory that has...

fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing

A flaw was found in FontForge. This heap-based buffer overflow vulnerability occurs during the parsing of pixels within BMP Bitmap files, due to insufficient validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a malicious BMP file or...

fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing

A flaw was found in FontForge. This heap-based buffer overflow vulnerability occurs during the parsing of pixels within BMP Bitmap files, due to insufficient validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a malicious BMP file or...

fontforge security update

An update is available for fontforge. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FontForge is a font editor for outline and bitmap fonts. It supports a rang...

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit this vulnerability when a client connects to it. Specifically, offscreen bitmap deletion can lead to a use-after-free UAF condition, where the client attempts to use memory that has...

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing

A flaw was found in FontForge. This heap-based buffer overflow vulnerability occurs during the parsing of pixels within BMP Bitmap files, due to insufficient validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a malicious BMP file or...

fontforge security update

20201107-7 - Resolves: RHEL-138206 CVE-2025-15279 GUtils BMP File Parsing Heap-based Buffer Overflow - Resolves: RHEL-138228 CVE-2025-15275 SFD File Parsing Heap-based Buffer Overflow - Resolves: RHEL-138158 CVE-2025-15269 SFD File Parsing Use-After-Free...

Important: fontforge

Issue Overview: FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

RHEL 9 : fontforge (RHSA-2026:2039)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2039 advisory. FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1,...

CVE-2026-24133

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in...