CVE-2025-15277

A flaw was found in FontForge. This vulnerability, a heap-based buffer overflow, allows a remote attacker to execute arbitrary code. Exploitation requires user interaction, such as opening a malicious SGI Silicon Graphics Image file, which triggers improper data length validation during scanline...

CVE-2025-15277

FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2025-15277 FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2025-15277

FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

FontForge 安全漏洞

FontForge is an open source font editing tool from fontforge that supports multiple languages. A security vulnerability exists in FontForge that stems from improper validation of data length when parsing SGI file scanlines, which could lead to a heap buffer overflow and remote code execution...

PT-2025-53824

Name of the Vulnerable Software and Affected Versions FontForge affected versions not specified Description A flaw exists in FontForge within the parsing of scanlines in SGI files. The issue is due to insufficient validation of user-supplied data length before copying it into a heap-based buffer,...

SUSE CVE-2019-19948

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c...

CVE-2021-44187

Adobe Bridge version 11.1.2 and earlier and version 12.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...

CVE-2021-36073

Adobe Bridge version 11.1 and earlier is affected by a heap-based buffer overflow vulnerability when parsing a crafted .SGI file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim...

Siemens Jt2go 和 Siemens Teamcenter Visualization 缓冲区错误漏洞

Siemens Jt2go is a JT file viewer.Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. An out-of-bounds write vulnerability exists in Siemens JT2Go versions prior to 13.2 and Teamcenter Visualization versions prior to 13.2. The...

CVE-2021-21451

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2

An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest...

python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2

An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest...

UBUNTU-CVE-2020-11538

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311...

PT-2020-12675 · Pillow +5 · Pillow +5

Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 7.0.1 Description: The issue exists in the parsing of SGI image files, where a number of out-of-bounds reads are present in the libImaging/SgiRleDecode.c module. Recommendations: For versions prior to 7.0.1, update to...

ImageMagick: heap-based buffer overflow in WriteSGIImage in coders/sgi.c

A heap-based buffer overflow flaw was discovered in ImageMagick when writing SGI images with improper columns and rows properties. An attacker may trick a victim user into downloading a malicious image file and running it through ImageMagick, possibly executing code onto the victim user's system...

ALPINE-CVE-2020-5311

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow...

DEBIAN-CVE-2017-15217

ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c...

Apple OS X QuickTime memory corruption vulnerability (CNVD-2016-05732)

Apple OS X is a proprietary operating system developed by Apple for Mac computers, with QuickTime as one of the multimedia playback components. A memory corruption vulnerability exists in QuickTime in Apple OS X versions prior to 10.11.6. A remote attacker could exploit this vulnerability to...

security flaw

Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file...