18323 matches found
CVE-2026-25168
Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally...
CVE-2026-25180
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally...
CVE-2026-30974
Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the...
CVE-2026-32139
Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...
CVE-2026-31807
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements...
CVE-2026-23668
Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...
CVE-2026-32753
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with content type of...
CVE-2026-33418
DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the ensureSize function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafti...
SUSE CVE-2026-33416
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single allocation acros...
freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...
firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Canvas2D component...
firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics component...
firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Canvas2D component...
firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Race condition, use-after-free in the Graphics: WebRender component...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Text component...
firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the Graphics: Canvas2D component...
firefox: thunderbird: Incorrect boundary conditions in the Graphics component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics component...
firefox: thunderbird: Incorrect boundary conditions in the Graphics component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics component...
firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Text component...