2481 matches found

OSV
added 2026/02/02 8:32 p.m. | 1 view

CVE-2026-24133 jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in...

CVSS 8.7 | AI score 5.4 | EPSS 0.0004
Exploits: 1 | References: 5
Snyk
added 2026/02/02 6:29 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: jspdf is a package for PDF document creation from JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage and html methods when processing BMP image data with unvalidated dimensions. An attacker can cause excessive memory...

CVSS 8.7 | AI score 5.5 | EPSS 0.0004
Exploits: 1 | References: 2
Snyk
added 2026/02/02 6:29 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage and html methods when processing BMP image data with unvalidated dimensions. An attacker can cause excessive memory allocation and application unavailability by...

CVSS 8.7 | AI score 5.5 | EPSS 0.0004
Exploits: 1 | References: 2
CNNVD
added 2026/02/02 12:0 a.m. | 3 views

jsPDF Security Vulnerability

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.1.0 contained a security vulnerability. This vulnerability stemmed from the first parameter of the addImage method, which allowed users to provide harmful BMP files, potentially leading...

CVSS 8.7 | AI score 5.8 | EPSS 0.0004
Exploits: 1 | References: 3
Fedora
added 2026/02/01 1:3 a.m. | 5 views

[SECURITY] Fedora 42 Update: fontforge-20230101-18.fc42

FontForge (former PfaEdit) is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts...

CVSS 8.8 | AI score 7.2 | EPSS 0.00295
Exploits: 0
Tenable Nessus
added 2026/01/31 12:0 a.m. | 5 views

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-1123)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: cifs: Fix UAF in cifs_demultiplex_thread() (CVE-2023-52572); net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124); quota: flush...

CVSS 7.8 | AI score 7.2 | EPSS 0.00279
Exploits: 9 | References: 179
NVD
added 2026/01/29 10:15 p.m. | 3 views

CVE-2026-25061

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past...

CVSS 7.5 | EPSS 0.00085
Exploits: 1 | References: 2
OSV
added 2026/01/29 10:15 p.m. | 0 views

UBUNTU-CVE-2026-25061

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past...

CVSS 7.5 | AI score 6.2 | EPSS 0.00085
Exploits: 1 | References: 3
RedHat Linux
added 2026/01/28 12:38 a.m. | 3 views

kernel: Linux kernel: iommufd/iova_bitmap shift-out-of-bounds vulnerability

A flaw was found in the Linux kernel's iommufd/iova_bitmap component. This vulnerability allows a local attacker with low privileges to cause a system crash or denial of service via a shift-out-of-bounds error...

CVSS 7.8 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 5
RedHat Linux
added 2026/01/28 12:26 a.m. | 1 view

kernel: Linux kernel: iommufd/iova_bitmap shift-out-of-bounds vulnerability

A flaw was found in the Linux kernel's iommufd/iova_bitmap component. This vulnerability allows a local attacker with low privileges to cause a system crash or denial of service via a shift-out-of-bounds error...

CVSS 7.8 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 5
OSV
added 2026/01/27 4:16 p.m. | 4 views

CVE-2025-69419

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

CVSS 7.4 | AI score 6
Exploits: 0 | References: 6
RedHat Linux
added 2026/01/26 12:42 p.m. | 2 views

poppler: Out-of-Bounds Read in Poppler

A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check...

CVSS 7.1 | AI score 5.7 | EPSS 0.00065
Exploits: 1 | References: 6
SUSE CVE
added 2026/01/26 12:24 a.m. | 4 views

SUSE CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1. When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATE_BV...

CVSS 6.1 | AI score 5.4 | EPSS 0.00012
Exploits: 0 | References: 20
NVD
added 2026/01/25 3:15 p.m. | 3 views

CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1. When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATE_BV...

CVSS 5.5 | EPSS 0.00012
Exploits: 0 | References: 5
OSV
added 2026/01/25 3:15 p.m. | 2 views

UBUNTU-CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1. When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATE_BV...

CVSS 5.5 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 13
Tenable Nessus
added 2026/01/23 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004838)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004838 advisory. In the Linux kernel, the following vulnerability has been resolved: cxl: Fix a memory leak in an error handling path. A bitmap_zalloc() must be balanced by a correspondi...

CVSS 5.5 | AI score 5.3 | EPSS 0.00063
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/23 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004832)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004832 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers/md/md-bitmap: check the return value of md_bitmap_get_counter(). Check the return value of...

CVSS 5.5 | AI score 5.3 | EPSS 0.00021
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/23 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004881)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004881 advisory. In the Linux kernel, the following vulnerability has been resolved: memstick/ms_block: Fix a memory leak. 'erased_blocks_bitmap' is never freed. As it is allocated at th...

CVSS 5.5 | AI score 5.4 | EPSS 0.00063
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/22 12:0 a.m. | 2 views

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-35787)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35787 advisory. - In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix incorrect usag...

CVSS 5.5 | AI score 7.2 | EPSS 0.00033
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-56763)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56763 advisory. - In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for...

CVSS 5.5 | AI score 5.3 | EPSS 0.00013
Exploits: 0 | References: 2