Lucene search

2040 matches found

OSV
added 2021/11/18 5:15 p.m. | 1 views

CVE-2021-40753

Adobe After Effects version 18.4.1 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a...

7.8 CVSS | 6.3 AI score | 0.01801 EPSS
Exploits 0 | References 1

Talos Blog
added 2021/11/17 12:3 p.m. | 17 views

Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD

Lilith of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered three vulnerabilities in LibreCAD’s libdxfrw open-source library. This library reads and writes .dxf and .dwg files — the primary file format for vector graphics in CAD... This is only the...

7.1 AI score
Exploits 0

OpenVAS
added 2021/11/14 12:0 a.m. | 4 views

Fedora: Security Advisory for autotrace (FEDORA-2021-df1fa3d3e0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 | References 2

Fedora
added 2021/11/12 12:38 a.m. | 12 views

[SECURITY] Fedora 35 Update: autotrace-0.31.1-62.fc35

AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...

6.9 AI score
Exploits 0

OpenVAS
added 2021/11/11 12:0 a.m. | 27 views

Mozilla Firefox Security Advisory (MFSA2012-63) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

9.3 CVSS | 9.4 AI score | 0.05074 EPSS
Exploits 0 | References 4

Rockylinux
added 2021/11/09 12:0 a.m. | 20 views

autotrace security update

An update for autotrace is now available for Rocky Linux 8. Rocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.8 CVSS | 1.9 AI score | 0.00371 EPSS
Exploits 0

CNVD
added 2021/10/27 12:0 a.m. | 19 views

Adobe Illustrator 2022 null pointer dereference vulnerability (CNVD-2021-101937)

Adobe Illustrator is a vector graphics editor and design program. Adobe Illustrator 2022 25.4.1 and earlier versions are vulnerable to a null pointer dereference. An attacker could exploit this vulnerability to cause a denial of service in the application...

4.9 AI score
Exploits 0 | References 1

CNVD
added 2021/10/27 12:0 a.m. | 9 views

Adobe Illustrator 2022 out-of-bounds read vulnerability (CNVD-2021-101939)

Adobe Illustrator, a vector graphics editor and design program, is vulnerable to an out-of-bounds read vulnerability in Adobe Illustrator 2022 25.4.1 and earlier versions. An attacker could exploit this vulnerability to elevate privileges...

5.3 AI score
Exploits 0 | References 1

CNVD
added 2021/10/27 12:0 a.m. | 19 views

Adobe Illustrator 2022 null pointer dereference vulnerability (CNVD-2021-101936)

Adobe Illustrator is a vector graphics editor and design program. Adobe Illustrator 2022 25.4.1 and earlier versions are vulnerable to a null pointer dereference. An attacker could exploit this vulnerability to cause a denial of service in the application...

4.9 AI score
Exploits 0 | References 1

CNNVD
added 2021/10/25 12:0 a.m. | 3 views

Nextcloud path traversal vulnerability

Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. Nextcloud has a file traversal vulnerability in versions prior to 20.0.13, 21.0.5, and 22.2.0, which stems from a lack of authentication, access contro...

8.8 CVSS | 5.8 AI score | 0.00867 EPSS
Exploits 0 | References 7

CNNVD
added 2021/10/20 12:0 a.m. | 1 views

CamaleonCMS security vulnerability

CamaleonCMS is a Ruby on Rails-based advanced dynamic content management system CMS from the Camaleon CMS team. A denial-of-service vulnerability exists in Camaleon CMS versions 2.0.1 through 2.6.0, which stems from a vulnerability to uncaught exceptions in Camaleon CMS. An attacker with low privile...

4.3 CVSS | 5.6 AI score | 0.00281 EPSS
Exploits 0 | References 3

CNNVD
added 2021/10/11 12:0 a.m. | 3 views

Libqt buffer error vulnerability

Libqt is an open source software package. A buffer error vulnerability exists in Libqt that originates when rendering and displaying carefully crafted Scalable Vector Graphics SVG files; this flaw could lead to unauthorized memory access. The greatest threat of this vulnerability is data...

7.1 CVSS | 7 AI score | 0.00064 EPSS
Exploits 1 | References 19

CNNVD
added 2021/10/08 12:0 a.m. | 4 views

Alkacon OpenCms code issue vulnerability

Alkacon OpenCms is an open source content management system CMS developed in Java. Alkacon OpenCms is vulnerable to an XML external entity vulnerability that can be exploited by attackers to steal files from the server's file system by uploading crafted SVG documents...

6.5 CVSS | 6.5 AI score | 0.0034 EPSS
Exploits 1 | References 3

OSV
added 2021/10/04 2:15 p.m. | 1 views

CVE-2021-37330

Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting XSS. The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigge...

5.4 CVSS | 5.8 AI score
Exploits 0 | References 1

OSV
added 2021/09/27 4:15 p.m. | 1 views

CVE-2021-40709

Adobe Photoshop versions 21.2.11 and earlier and 22.5 and earlier are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user...

7.8 CVSS | 6.3 AI score | 0.07147 EPSS
Exploits 0 | References 1

OSV
added 2021/09/27 4:15 p.m. | 3 views

CVE-2021-39823

Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is...

7.8 CVSS | 7.8 AI score | 0.18651 EPSS
Exploits 0 | References 1

CNNVD
added 2021/09/27 12:0 a.m. | 3 views

Gila CMS cross-site scripting vulnerability

Gila CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in Gila CMS version 1.11.4, which can be exploited by an attacker to execute arbitrary Web script or HTML via specially crafted SVG files...

5.4 CVSS | 5.8 AI score | 0.00261 EPSS
Exploits 1 | References 2

CNNVD
added 2021/09/15 12:0 a.m. | 3 views

PeerTube cross-site scripting vulnerability

PeerTube is a decentralized video sharing service platform. PeerTube has a cross-site scripting vulnerability in versions prior to v3.4.0, which stems from the application's lack of user input data validation and filtering of the data at the input location, and could be used by an attacker to...

7.6 CVSS | 5.6 AI score | 0.00311 EPSS
Exploits 1 | References 2

Snyk
added 2021/09/05 3:50 p.m. | 2 views

Directory Traversal

Overview convert-svg-to-png is a package for converting SVG to PNG using headless Chromium. Affected versions of this package are vulnerable to Directory Traversal. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a...

7.5 CVSS | 7.3 AI score | 0.00386 EPSS
Exploits 1 | References 2

Snyk
added 2021/09/05 3:50 p.m. | 1 views

Directory Traversal

Overview convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Directory Traversal. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show t...

7.5 CVSS | 7.3 AI score | 0.00386 EPSS
Exploits 1 | References 2