Fedora 44 : emacs (2026-49b8ca7981)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-49b8ca7981 advisory. Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. Tenable has extracted the preceding description block directly from the Fedora...

CVE-2025-14576 Possible QML code injection in VectorImage component

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

PT-2026-36093

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

CVE-2018-25305 librsvg2-bin 2.40.13 Buffer Overflow via Malformed SVG

librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor...

Emacs: emacs: memory corruption vulnerability when processing svg css

...

PT-2026-35988

librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor...

librsvg2-bin 安全漏洞

librsvg2-bin is a GNOME open-source command-line tool set that provides functions for rendering and converting SVG images. Version 2.40.13 of librsvg2-bin contains a security vulnerability. This vulnerability stems from a buffer overflow, which could allow local attackers to cause denial-of-servi...

CVE-2026-38948

Cross-Site Scripting XSS vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code...

CVE-2026-38948

Cross-Site Scripting XSS vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code...

FUEL CMS 跨站脚本漏洞

FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Versions of FUEL CMS prior to 1.5.2 had a cross-site scripting vulnerability. This vulnerability stemmed from the asset upload feature not properly cleaning up uploaded SVG files, allowing...

[SECURITY] Fedora 44 Update: python-cairosvg-2.9.0-1.fc44

CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...

[SECURITY] Fedora 44 Update: qt6-qtsvg-6.10.3-1.fc44

Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...

Infinite loop

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Infinite loop via custom sanitization policies or programmatic DOM manipulation. An attacker can inject and execute arbitrary scripts, cause resource loading, or trigger externa...

EUVD-2026-24955

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG Scalable Vector Graphics CSS Cascading Style Sheets data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial...

CVE-2026-6861

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG Scalable Vector Graphics CSS Cascading Style Sheets data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial...

CVE-2026-6861 Emacs: emacs: memory corruption vulnerability when processing svg css

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG Scalable Vector Graphics CSS Cascading Style Sheets data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial...

CVE-2026-6861

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG Scalable Vector Graphics CSS Cascading Style Sheets data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial...

CVE-2026-6861

A CVE-2026-6861 vulnerability affects GNU Emacs and relates to memory corruption when Emacs processes specially crafted SVG CSS data. A local attacker could entice a user to open a malicious SVG file, which may lead to a denial of service or information disclosure. Public references in the connec...

Red Hat Enterprise Linux 10 安全漏洞

Red Hat Enterprise Linux 10 is a Linux operating system designed for enterprise users by the American company Red Hat. Red Hat Enterprise Linux 10 contains a security vulnerability that stems from memory corruption when processing specially crafted SVG CSS data. Local users can trick victims into...

Linux Distros Unpatched Vulnerability : CVE-2026-6861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG Scalable Vector Graphics CSS...