189 matches found
Security Bulletin: jsPDF addImage Method Vulnerable to DoS via Malicious Image Dimensions
Summary: jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that...
CVE-2026-5185
A flaw was found in Nothings stb_image. A local attacker could exploit a heap-based buffer overflow vulnerability within the stbi__gif_load_next function of the Multi-frame GIF File Handler component. By manipulating a GIF file, this flaw could lead to information disclosure or denial of service (DoS)...
CVE-2020-17410
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
EUVD-2015-7426
Malware in sbrugna...
EUVD-2009-4214
Malware in sbrugna...
EUVD-2010-0690
Malware in sbrugna...
EUVD-2010-4659
Malware in sbrugna...
EUVD-2021-20956
Malware in sbrugna...
EUVD-2005-3349
Malware in sbrugna...
EUVD-2009-4740
Malware in sbrugna...
EUVD-1999-1571
Malware in sbrugna...
EUVD-2021-14340
Malware in sbrugna...
EUVD-2017-12191
Malware in sbrugna...
EUVD-2021-20952
Malware in sbrugna...
EUVD-2021-20966
Malware in sbrugna...
EUVD-2021-8766
Malicious code in bioql PyPI...
GHSA-RXMQ-M78W-7WMC SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks
Impact: A specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input shou...
Buffer Over-read
Overview: Affected versions of this package are vulnerable to Buffer Over-read via improper output length handling in the GIF LZW decoding process. An attacker can access limited portions of uninitialized memory by providing a specially crafted GIF file that triggers the inclusion of arbitrary...
CVE-2021-21452
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated GIF file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by Improper Input Validation...
CVE-1999-1590
Directory traversal vulnerability in Muhammad A. Muquit wwwcount Count.cgi 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021...