UBUNTU-CVE-2023-44216
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...
PYSEC-2023-311
plone.namedfile allows users to handle File and Image fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by...
Zope Security Vulnerability
Zope is a set of object-oriented, open source web application servers written in the Python language by the Zope community. A security vulnerability exists in Zope that stems from a stored cross-site scripting (XSS) vulnerability in SVG images. The vulnerability can be exploited to...
Plone Cross-Site Scripting Vulnerability
Plone is an open source content management system (CMS) built on the Zope application server. A cross-site scripting vulnerability exists in versions prior to plone.namedfile 5.6.1, 6.0.3, 6.1.3, and 6.2.1, which stems from a security issue with SVG images that was not fully fixed by previous...
CVE-2023-37611
Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component...
Neos CMS Cross-Site Scripting Vulnerability
Neos CMS is an open source CMS from Neos. A security vulnerability exists in Neos CMS version 8.3.3, which stems from the presence of a stored cross-site scripting (XSS) vulnerability. The vulnerability can be exploited by an attacker to execute arbitrary code by crafting SVG files...
Moderate: Red Hat Security Advisory: librsvg2 security update
An update for librsvg2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2023:5081 Moderate: librsvg2 security update
The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library. Security Fix(es): librsvg: Arbitrary file read when xinclude href has special characters (CVE-2023-38633). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
ROS-20230911-09
A vulnerability in XInclude, the XML document merge mechanism of the vector graphics rendering library librsvg, is related to incorrect restriction of a path name to a restricted directory when processing the xi:include element. Exploitation of the vulnerability may allow an intruder to gain unauthorized...
Moderate: librsvg2 security update
The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library. Security Fix(es): librsvg: Arbitrary file read when xinclude href has special characters (CVE-2023-38633). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
matrix-media-repo Cross-Site Scripting Vulnerability
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A cross-site scripting vulnerability exists in matrix-media-repo versions prior to 1.3.0, which originates from a vulnerability that allows an attacker to upload an SVG image containing JavaScript script to a serv...
Moderate: Red Hat Security Advisory: librsvg2 security update
An update for librsvg2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Debian dla-3539 : libqt4-dbg - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3539 advisory. Debian LTS Advisory DLA-3539-1...
Apache XML Graphics Batik Code Issue Vulnerability
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used for processing SVG-format images. A code issue vulnerability exists in Apache XML Graphics Batik version 1.16, which stems from the presence of a Server-Side Request Forgery (SSRF) vulnerability. An...
Artifex Software MuPDF Resource Management Error Vulnerability
Artifex Software MuPDF is a free and lightweight PDF reader from Artifex Software, USA. A security vulnerability exists in Artifex Software MuPDF version 1.16.0, which originates from a use-after-free vulnerability in the svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c. The...
Apache XML Graphics Batik Code Issue Vulnerability
Apache XML Graphics Batik is a suite of Java-based applications from the Apache Foundation that are primarily used for processing SVG-format images. A code issue vulnerability exists in Apache XML Graphics Batik version 1.16, which stems from the presence of a Server-Side Request Forgery (SSRF)...
Campcodes Online Matrimonial Website System Code Issue Vulnerability
Campcodes Online Matrimonial Website System is an online matrimonial website from Campcodes, Inc. A security vulnerability exists in the Campcodes Online Matrimonial Website System. An attacker could exploit this vulnerability to execute code via a malicious SVG file upload...
CVE-2023-28530
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site...
Vulnerability in the QTextLayout component of the Qt cross-platform software development framework that allows an attacker to cause a denial of service
The vulnerability in the QTextLayout component of the Qt cross-platform software development framework is related to copying a buffer without checking the input data. Exploiting this vulnerability allows a malicious actor to cause a denial of service using a specially crafted SVG file...
Fides Resource Management Error Vulnerability
Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A resource management error vulnerability exists in Fides versions 2.11.0 through 2.15.1, which stems from...