
1191 matches found

RedHat Linux
added 2023/10/30 4:44 p.m. · 3 views

Mozilla: Large WebGL draw could have led to a crash

The Mozilla Foundation Security Advisory describes this flaw as: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash...

7.5 CVSS · 7.2 AI score · 0.00831 EPSS
Exploits 0 · References 6

Tenable Nessus
added 2023/10/21 12:0 a.m. · 31 views

Ubuntu 16.04 LTS / 18.04 LTS : GD Graphics Library vulnerabilities (USN-4316-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4316-1 advisory. It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphi...

7.5 CVSS · 5.8 AI score · 0.1054 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2023/09/27 12:0 a.m. · 27 views

openSUSE 15 Security Update : python-CairoSVG (openSUSE-SU-2023:0272-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0272-1 advisory. - CairoSVG is a Python pypi package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression...

9.9 CVSS · 6.7 AI score · 0.00138 EPSS
Exploits 1 · References 7

Tenable Nessus
added 2023/09/26 12:0 a.m. · 25 views

openSUSE 15 Security Update : python-CairoSVG (openSUSE-SU-2023:0260-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0260-1 advisory. - CairoSVG is a Python pypi package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression...

9.9 CVSS · 6.7 AI score · 0.00138 EPSS
Exploits 1 · References 7

RedHat Linux
added 2023/09/12 10:15 a.m. · 12 views

Moderate: Red Hat Security Advisory: librsvg2 security update

An update for librsvg2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

5.5 CVSS · 6.4 AI score · 0.43614 EPSS
Exploits 1 · References 2

RedHat Linux
added 2023/08/29 9:23 a.m. · 31 views

Moderate: Red Hat Security Advisory: librsvg2 security update

An update for librsvg2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

5.5 CVSS · 6.4 AI score · 0.43614 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/08/25 12:0 a.m. · 2 views

PT-2023-5246

Name of the Vulnerable Software and Affected Versions: giflib version 5.2.1 Description: The issue is related to a segmentation fault in the getarg.c component of the giflib library, which can be exploited to cause a denial of service. Recommendations: For giflib version 5.2.1, consider updating to ...

8.8 CVSS · 6.6 AI score · 0.0081 EPSS
Exploits 4 · References 46

Positive Technologies
added 2023/07/18 12:0 a.m. · 1 views

PT-2023-9328 · Google +2 · Skia +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 115.0.5790.98 Description: The issue is related to an inappropriate implementation in the Skia graphics library of Google Chrome, which can be exploited by a remote attacker to potentially perform a sandbox...

10 CVSS · 5.1 AI score · 0.00931 EPSS
Exploits 13 · References 51

Amazon
added 2023/05/16 12:0 a.m. · 21 views

Important: gd

Issue Overview: DISPUTED gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and...

7.5 CVSS · 6.5 AI score · 0.00588 EPSS
Exploits 1

Gentoo Linux
added 2023/05/03 12:0 a.m. · 44 views

Cairo: Buffer Overflow Vulnerability

Background: Cairo is a 2D vector graphics library with cross-device output support. Description: An attacker with the ability to provide input to Cairo's image-compositor can cause a buffer overwrite. Impact: Malicious input to Cairo's image-compositor can result in denial of service of the...

7.8 CVSS · 6.8 AI score · 0.0027 EPSS
Exploits 0

CNNVD
added 2023/04/19 12:0 a.m. · 3 views

Google Chrome Input Validation Error Vulnerability

Google Chrome is a web browser from Google, and Skia is an open source 2D graphics library that provides common APIs that work on a variety of hardware and software platforms. A buffer overflow vulnerability exists in Skia in versions of Google Chrome prior to 112.0.5615.137. An attacker could...

9.6 CVSS · 7.8 AI score · 0.00437 EPSS
Exploits 0 · References 15

IBM Security Bulletins
added 2023/04/14 2:32 p.m. · 31 views

Security Bulletin: Vulnerabilities in php5 affect IBM BladeCenter Advanced Management Module (AMM)

Summary: IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in php5. Vulnerability Details: CVEID: CVE-2016-6911 Description:...

9.8 CVSS · 8.8 AI score · 0.01746 EPSS
Exploits 0

Mageia
added 2023/04/06 9:20 p.m. · 65 views

Updated python-cairosvg packages fix security vulnerability

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9 CVSS · 6.8 AI score · 0.00086 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2023/03/29 12:0 a.m. · 27 views

Fedora 36 : python-cairosvg (2023-064525b17b)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-064525b17b advisory. - Update python-cairosvg version 2.7.0 - Disable isort flake8 patch updated - Fix CVE-2023-27586 - BZ2180272 BZ2180271 Tenable has extracted the preceding...

9.9 CVSS · 7.4 AI score · 0.00086 EPSS
Exploits 0 · References 2

OSV
added 2023/03/20 4:15 p.m. · 26 views

PYSEC-2023-9

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9 CVSS · 6.8 AI score · 0.00086 EPSS
Exploits 0 · References 4

Prion
added 2023/03/20 4:15 p.m. · 17 views

Server side request forgery (ssrf)

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

3.3 CVSS · 6.7 AI score · 0.00086 EPSS
Exploits 0 · References 4 · Affected Software 1

CVE
added 2023/03/20 3:23 p.m. · 99 views

CVE-2023-27586

CVE-2023-27586 affects CairoSVG prior to 2.7.0, where Cairo could make requests to external hosts while processing SVGs. The underlying issue is external resource loading, enabling server-side request forgery (SSRF) and potential denial of service. The connected advisories confirm that version 2....

9.9 CVSS · 8.1 AI score · 0.00086 EPSS
Exploits 0 · References 4 · Affected Software 1

AlpineLinux
added 2023/03/20 3:23 p.m. · 32 views

CVE-2023-27586

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9 CVSS · 7 AI score · 0.00086 EPSS
Exploits 0

OpenVAS
added 2023/03/15 12:0 a.m. · 12 views

Fedora: Security Advisory for cairo (FEDORA-2023-a48406ecd2)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 8 AI score · 0.00068 EPSS
Exploits 0 · References 2

Veracode
added 2023/03/12 5:48 p.m. · 134 views

Remote Code Execution (RCE)

Firefox and Thunderbird are vulnerable to Remote Code Execution (RCE). An out of date graphics library likely contained vulnerabilities that could potentially be exploited to upload and execute malicious code on the system...

9.8 CVSS · 9.7 AI score · 0.00697 EPSS
Exploits 1 · References 4 · Affected Software 2