
2040 matches found

RedHat Linux
added 2023/05/03 2:5 p.m. · 4 views

batik: Apache XML Graphics Batik vulnerable to code execution via SVG

A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG...

CVSS 7.5 · AI score 7.2 · EPSS 0.00526
Exploits 0 · References 4
RedHat Linux
added 2023/05/03 2:5 p.m. · 4 views

batik: Untrusted code execution in Apache XML Graphics Batik

A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript...

CVSS 7.5 · AI score 7.2 · EPSS 0.00541
Exploits 0 · References 4
Gentoo Linux
added 2023/05/03 12:0 a.m. · 44 views

Cairo: Buffer Overflow Vulnerability

Background: Cairo is a 2D vector graphics library with cross-device output support. Description: An attacker with the ability to provide input to Cairo's image-compositor can cause a buffer overwrite. Impact: Malicious input to Cairo's image-compositor can result in denial of service of the...

CVSS 7.8 · AI score 6.8 · EPSS 0.0027
Exploits 0
OSV
added 2023/04/28 11:5 a.m. · 1 views

OESA-2023-1259 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVSS 5.5 · AI score 7.2 · EPSS 0.0011
Exploits 2 · References 3
BDU FSTEC
added 2023/04/20 12:0 a.m. · 1 views

The vulnerability of the ImageMagick graphics editor arises from improper management of internal resources within the application when processing SVG files. This allows a malicious actor to trigger a service failure.

The vulnerability of the ImageMagick graphics editor is related to improper management of internal resources within the application when processing SVG files. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially created SVG file...

CVSS 5.5 · AI score 6.3 · EPSS 0.0011
Exploits 1 · References 11 · Affected Software 7
Positive Technologies
added 2023/04/18 12:0 a.m. · 4 views

PT-2023-22765 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable and tests-passed versions Description: The issue arises from the improper sanitization of SVG files, allowing an attacker to execute arbitrary JavaScript on users' browsers by uploading a crafted...

CVSS 5.4 · AI score 5.8 · EPSS 0.00309
Exploits 0 · References 7
CNNVD
added 2023/04/12 12:0 a.m. · 4 views

DNN Corp DotNetNuke cross-site scripting vulnerability

DNN, also known as DotNetNuke, is an open source content management system (CMS) from the U.S. company DNN, supported by Microsoft and based on the ASP.NET platform. The system is easy to install, scalable, feature-rich and so on. A security vulnerability exists in DNN Corp DotNetNuke versions v7.0.0 through...

CVSS 5.4 · AI score 6.2 · EPSS 0.00738
Exploits 0 · References 2
OpenVAS
added 2023/04/03 12:0 a.m. · 13 views

Debian: Security Advisory (DLA-3376-1)

The remote host is missing an update for the Debian...

CVSS 8.8 · AI score 7.6 · EPSS 0.01707
Exploits 3 · References 4
CNNVD
added 2023/03/31 12:0 a.m. · 1 views

Mattermost cross-site scripting vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from Boards that allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the...

CVSS 7.3 · AI score 6.5 · EPSS 0.0071
Exploits 0 · References 2
CNVD
added 2023/03/31 12:0 a.m. · 19 views

Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29423)

Corel CorelDRAW Graphics Suite is a vector graphics editing software from Corel Digital Technology Canada. A buffer overflow vulnerability exists in Corel CorelDRAW Graphics Suite, which can be exploited by an attacker to read past the end of the allocated object...

AI score 5.6 · EPSS 0.00213
Exploits 0 · Affected Software 1
GitHub Security Blog
added 2023/03/23 9:30 p.m. · 0 views

Duplicate Advisory: ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j96m-mjp6-99xr. This link is maintained to preserve external references. Original Description: A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentati...

CVSS 5.5 · AI score 6.4 · EPSS 0.0011
Exploits 1 · References 6 · Affected Software 1
OSV
added 2023/03/23 9:30 p.m. · 1 views

GHSA-GV85-XG33-553C Duplicate Advisory: ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j96m-mjp6-99xr. This link is maintained to preserve external references. Original Description: A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentati...

CVSS 5.5 · AI score 5.7 · EPSS 0.0011
Exploits 1 · References 5
ATTACKERKB
added 2023/03/23 8:15 p.m. · 4 views

CVE-2023-1289

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial o...

CVSS 5.5 · AI score 5.9 · EPSS 0.0011
Exploits 1 · References 5
OSV
added 2023/03/23 8:15 p.m. · 4 views

DEBIAN-CVE-2023-1289

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial o...

CVSS 5.5 · AI score 6.4 · EPSS 0.0011
Exploits 1 · References 1
Positive Technologies
added 2023/03/23 12:0 a.m. · 6 views

PT-2023-2379

Name of the Vulnerable Software and Affected Versions: ImageMagick affected versions not specified Description: A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially craft...

CVSS 8.8 · AI score 7 · EPSS 0.88528
Exploits 42 · References 121
Positive Technologies
added 2023/03/14 12:0 a.m. · 3 views

PT-2023-1831 · Adobe · Substance3D - Stager

Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Stager versions 2.0.0 and earlier Description: The issue is related to a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use...

CVSS 7.8 · AI score 7.7 · EPSS 0.00234
Exploits 0 · References 4
Positive Technologies
added 2023/03/14 12:0 a.m. · 2 views

PT-2023-1837 · Adobe · Substance3D - Stager

Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Stager versions 2.0.0 and earlier Description: The issue is a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction, where a vict...

CVSS 7.8 · AI score 7.7 · EPSS 0.00103
Exploits 0 · References 5
CNNVD
added 2023/03/09 12:0 a.m. · 1 views

ImageMagick input validation error vulnerability

ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert or write images in a variety of formats. A security vulnerability exists in ImageMagick, which stems from a specially crafted SVG that causes segmentation errors. Th...

CVSS 5.5 · AI score 6.4 · EPSS 0.0011
Exploits 1 · References 7
RedHat Linux
added 2023/02/20 12:21 p.m. · 3 views

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have led to undefined behavior...

CVSS 8.8 · AI score 7.3 · EPSS 0.00172
Exploits 0 · References 6
RedHat Linux
added 2023/02/20 12:21 p.m. · 2 views

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have led to undefined behavior...

CVSS 8.8 · AI score 7.3 · EPSS 0.00172
Exploits 0 · References 6