
3793 matches found

Jake Archibald's Blog
added 2022/07/11 1:0 a.m., 8 views

Avoiding <img> layout shifts: aspect-ratio vs width & height attributes

By default, an <img> takes up zero space until the browser loads enough of the image to know its dimensions: When you run the demo, you'll see the immediately. Then, after a few seconds, this paragraph and subsequent page content shifts downwards to make room for...

AI score: 6.9 | Exploits: 0
NVD
added 2022/07/06 4:15 p.m., 21 views

CVE-2021-3695

A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an...

CVSS: 4.5 | EPSS: 0.0044 | Exploits: 0 | References: 3
UbuntuCve
added 2022/07/06 4:15 p.m., 31 views

CVE-2021-3697

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. For a successful attack to be performed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerabili...

CVSS: 7 | AI score: 7.1 | EPSS: 0.00434 | Exploits: 0 | References: 3
Prion
added 2022/07/06 4:15 p.m., 30 views

Design/Logic Flaw

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. For a successful attack to be performed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerabili...

CVSS: 4.4 | AI score: 8.2 | EPSS: 0.00434 | Exploits: 0 | References: 3 | Affected Software: 11
CVE
added 2022/07/06 3:6 p.m., 200 views

CVE-2021-3695

CVE-2021-3695 affects grub2. A crafted 16-bit grayscale PNG image can cause an out-of-bounds write in grub2 heap, leading to heap data corruption and potentially arbitrary code execution, bypassing secure boot protections. The vulnerability requires heap-layout triage and the written values are r...

CVSS: 4.5 | AI score: 7 | EPSS: 0.0044 | Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2022/07/06 3:6 p.m., 23 views

CVE-2021-3695

A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an...

AI score: 7.2 | EPSS: 0.0044 | Exploits: 0 | References: 3
Debian CVE
added 2022/07/06 3:6 p.m., 29 views

CVE-2021-3695

A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an...

CVSS: 4.5 | AI score: 7.3 | EPSS: 0.0044 | Exploits: 0
BDU FSTEC
added 2022/06/29 12:0 a.m., 4 views

The vulnerability of the `load_elf_binary()` function in the Linux operating system’s kernel allows a hacker to bypass the ASLR protection and expose the protected information.

The vulnerability of the `load_elf_binary()` function in the Linux operating system’s kernel arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to bypass the ASLR protection mechanism and disclose the protected information...

CVSS: 4.7 | AI score: 6.4 | EPSS: 0.00485 | Exploits: 1 | References: 24 | Affected Software: 5
BDU FSTEC
added 2022/06/23 12:0 a.m., 2 views

The vulnerability of Adobe InDesign’s computer layout automation tool, related to writing beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using specially created data...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.0192 | Exploits: 0 | References: 5 | Affected Software: 1
BDU FSTEC
added 2022/06/23 12:0 a.m., 1 views

The vulnerability of Adobe InDesign’s computer layout automation tool, related to buffer overflow in dynamic memory, allows attackers to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to overflowing buffers in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.05901 | Exploits: 0 | References: 5 | Affected Software: 1
BDU FSTEC
added 2022/06/23 12:0 a.m., 2 views

The vulnerability of Adobe InDesign’s computer layout automation tool, related to writing beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.0192 | Exploits: 0 | References: 5 | Affected Software: 1
BDU FSTEC
added 2022/06/23 12:0 a.m., 2 views

The vulnerability of Adobe InDesign’s computer layout automation tool, related to buffer overflow in dynamic memory, allows attackers to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to overflowing buffers in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.05901 | Exploits: 0 | References: 5 | Affected Software: 1
BDU FSTEC
added 2022/06/23 12:0 a.m., 3 views

The vulnerability of Adobe InDesign’s computer layout automation tool, related to writing beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially created data in the font format...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.0192 | Exploits: 0 | References: 5 | Affected Software: 1
BDU FSTEC
added 2022/06/21 12:0 a.m., 2 views

The vulnerability of Adobe InDesign’s computer layout automation tool, related to writing beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially created data within SVG images...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.0192 | Exploits: 0 | References: 5 | Affected Software: 1
OSSF Malicious Packages
added 2022/06/20 9:10 p.m., 3 views

Malicious code in asset-detect-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 604f819f0f5b6ab645d72fac4c1463c58bb06d5becbe0f97465ee7001b1c5e4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9 | Exploits: 0 | References: 1
OSV
added 2022/06/20 9:10 p.m., 5 views

MAL-2022-1140 Malicious code in asset-detect-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 604f819f0f5b6ab645d72fac4c1463c58bb06d5becbe0f97465ee7001b1c5e4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7 | Exploits: 0 | References: 1
OSSF Malicious Packages
added 2022/06/20 8:26 p.m., 3 views

Malicious code in cms-component-layout-nyse-footer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 135f3d4b04a436d311af085eec0054e40ca77c5b1981c43dac75aed8c5e27670 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9 | Exploits: 0 | References: 1
OSSF Malicious Packages
added 2022/06/20 8:21 p.m., 3 views

Malicious code in elemental-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1a68aeaefed156f19d6f0c11e548a2123da4888d3617370086ca94f111d62fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9 | Exploits: 0 | References: 1
OSV
added 2022/06/20 8:21 p.m., 9 views

MAL-2022-2693 Malicious code in elemental-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1a68aeaefed156f19d6f0c11e548a2123da4888d3617370086ca94f111d62fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7 | Exploits: 0 | References: 1
OSV
added 2022/06/20 5:15 a.m., 0 views

CVE-2017-20064

A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation leads to code injection. The attack can be launched remotely. Upgrading to version 1.3.13 is able to...

CVSS: 8.8 | AI score: 5.5 | Exploits: 0 | References: 2