Alibaba Cloud Linux 3 : 0122: java-17-openjdk (ALINUX3-SA-2026:0122)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0122 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-22007: No description is availabl...

Linux Distros Unpatched Vulnerability : CVE-2026-33812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing a malicious font file can cause excessive memory allocation. CVE-2026-33812 Note that Nessus relies on the presence of the package as reported by the...

CVE-2026-33812

CVE-2026-33812 affects golang.org/x/image, where parsing a malicious SFNT font can trigger excessive memory allocation. The connected CVE listing confirms the issue is caused by decoding a malicious font file (SFNT) and identifies golang.org/x/image as the affected component. The provided documen...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google Inc. There is a security vulnerability in Google Go, which stems from the golang.org/x/image/font/sfnt module’s ability to improperly allocate memory when parsing maliciou...

RockyLinux 9 : fontforge (RLSA-2026:6628)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6628 advisory. fontforge: FontForge: Remote Code Execution via malicious SFD file parsing CVE-2025-15270 Tenable has extracted the preceding description block directly from the...

(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of TrueType fonts. The issue results from the...

GHSA-WGVP-VG3V-2XQ3 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. Patches This has been fixed in pypdf==6.7.1. Workarounds ...

CVE-2025-14237

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 a...

CVE-2025-14237

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 a...

CVE-2025-14237

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 a...

Canon’s various products have security vulnerabilities

Canon ImageRunner is a product of the Japanese company Canon. Canon ImageRunner is a series of all-in-one black-and-white printers. Canon Color imageCLASS is a series of printers. Canon Satera is also a series of printers. Several Canon products have security vulnerabilities; these vulnerabilitie...

MiracleLinux 3 : libXfont-1.2.2-1.0.5.AXS3 (AXSA:2014-239:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-239:01 advisory. X.Org X11 libXfont runtime library Security issues fied with this release: CVE-2013-6462 Stack-based buffer overflow in the bdfReadCharacters function in...

CVE-2025-14237

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 a...

CVE-2025-14237

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 a...

CVE-2025-14237

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 a...

CVE-2025-14237

CVE-2025-14237 is a buffer overflow in the XPS font parsing of Canon Small Office Multifunction Printers and Laser Printers. Affects firmware v06.02 and earlier across multiple Canon lines (Japan/US/Europe). The issue can allow a network attacker to cause a reboot/nonresponsive device or execute ...

PT-2026-3192

Name of the Vulnerable Software and Affected Versions Canon Satera LBP670C Series/Satera MF750C Series firmware versions v06.02 and earlier Canon Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238...

PT-2025-53820

Name of the Vulnerable Software and Affected Versions FontForge affected versions not specified Description A flaw exists in FontForge related to parsing PFB files, potentially allowing a remote attacker to execute arbitrary code. Exploitation requires user interaction, such as visiting a malicio...

Apple macOS CoreText Font Glyph Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of font...

NewStart CGSL MAIN 7.02 : freetype Vulnerability (NS-SA-2025-0249)

The remote NewStart CGSL host, running version MAIN 7.02, has freetype packages installed that are affected by a vulnerability: - An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting to parse font subglyph structures...