Lucene search
+L

33 matches found

osv
osv
added 2025/12/17 3:48 p.m.7 views

CLSA-2025-1765986482 webkit2gtk3: Fix of 4 CVEs

CVE-2025-13502: fix out of bounds read and integer underflow by adding bounds checking and validating message delimiters - CVE-2025-43430: fix bbq jit compiler writing to wrong stack slots in wasm try/catch blocks - CVE-2025-43421: fix memory handling issues that cause unexpected process crashes...

8.8CVSS6AI score0.01EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-17979

Malware in sbrugna...

7.8CVSS7.6AI score0.01617EPSS
Exploits1References2
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2013-6815

Malware in sbrugna...

6.8CVSS6.1AI score0.01728EPSS
Exploits1References10
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2009-4324

Malware in sbrugna...

9.3CVSS6.3AI score0.04973EPSS
Exploits1References7
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2002-0720

Malware in sbrugna...

5CVSS6.1AI score0.02092EPSS
Exploits0References10
redhatcve
redhatcve
added 2025/05/22 3:21 p.m.7 views

CVE-2020-25291

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x...

7.8CVSS7.2AI score0.01617EPSS
Exploits1
cisa_kev
cisa_kev
added 2022/06/08 12:0 a.m.19 views

Microsoft Office Buffer Overflow Vulnerability

Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document...

9.3CVSS7.1AI score0.81877EPSS
In wildExploits4
nvd
nvd
added 2020/09/13 8:15 p.m.23 views

CVE-2020-25291

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x...

7.8CVSS0.01617EPSS
Exploits1References1
prion
prion
added 2020/09/13 8:15 p.m.19 views

Cross site request forgery (csrf)

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x...

6.8CVSS7.7AI score0.01617EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2020/09/13 7:35 p.m.24 views

CVE-2020-25291

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x...

7.7AI score0.01617EPSS
Exploits1References1
veracode
veracode
added 2017/02/03 8:11 a.m.23 views

Denial Of Service (DoS)

FFMpeg is vulnerable to denial of service DoS attacks and possibly other attacks. These attacks are possible because pngdec.c allows the monochrome-black format without verifying the bits-by-pixel value is 1. This can lead attackers to cause an out-of-bounds access error through a PNG data...

7.5CVSS8.2AI score0.03078EPSS
Exploits0References5Affected Software1
cnvd
cnvd
added 2015/09/08 12:0 a.m.25 views

FFmpeg Denial of Service Vulnerability (CNVD-2015-05845)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'decodeihdrchunk' function in the libavcodec/pngdec.c file in versions of FFmpeg prior to 2.7.2, which can be exploited by remote attackers to cause a...

7.5CVSS9.3AI score0.02412EPSS
Exploits0References1
nvd
nvd
added 2015/02/08 11:59 a.m.20 views

CVE-2014-9665

The LoadSBitPng function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service integer overflow and heap-based buffer overflow or possibly have unspecified other impact by embedding a PNG file...

7.5CVSS7.2AI score0.04892EPSS
Exploits1References10
osv
osv
added 2015/02/08 11:59 a.m.3 views

DEBIAN-CVE-2014-9665

The LoadSBitPng function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service integer overflow and heap-based buffer overflow or possibly have unspecified other impact by embedding a PNG file...

7.5CVSS7.8AI score0.04892EPSS
Exploits1References1
osv
osv
added 2015/02/08 11:59 a.m.6 views

CVE-2014-9665

The LoadSBitPng function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service integer overflow and heap-based buffer overflow or possibly have unspecified other impact by embedding a PNG file...

7.5AI score
Exploits0References10
cvelist
cvelist
added 2015/02/08 11:0 a.m.29 views

CVE-2014-9665

The LoadSBitPng function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service integer overflow and heap-based buffer overflow or possibly have unspecified other impact by embedding a PNG file...

7.6AI score0.04892EPSS
Exploits1References10
prion
prion
added 2014/11/05 11:55 a.m.27 views

Out-of-bounds

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted PNG data...

7.5CVSS7.9AI score0.03078EPSS
Exploits0References3Affected Software1
ubuntucve
ubuntucve
added 2014/11/05 11:55 a.m.23 views

CVE-2014-8545

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted PNG data...

7.5CVSS5.9AI score0.03078EPSS
Exploits0References3
cvelist
cvelist
added 2014/11/05 11:0 a.m.30 views

CVE-2014-8545

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted PNG data...

9AI score0.03078EPSS
Exploits0References3
nvd
nvd
added 2013/12/09 4:36 p.m.24 views

CVE-2013-7014

Integer signedness error in the addbytesl2c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted PNG data...

6.8CVSS7.3AI score0.01728EPSS
Exploits1References8
Rows per page
Query Builder