2040 matches found
Moderate: librsvg2 security update
The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library. Security Fix(es): librsvg: Resource exhaustion via crafted SVG file with nested patterns (CVE-2019-20446). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Adobe Illustrator 2020 Memory Corruption Vulnerability (CNVD-2020-57881)
Adobe Illustrator 2020 is a vector graphics editor. A memory corruption vulnerability exists in Adobe Illustrator 2020. An attacker can exploit this vulnerability to execute arbitrary code...
CVE-2020-24413
Adobe Illustrator version 24.1.2 and earlier is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit...
CVE-2020-24415
Adobe Illustrator version 24.1.2 and earlier is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit...
UBUNTU-CVE-2020-13339
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted...
PT-2023-27226 · Libvips +3
Name of the Vulnerable Software and Affected Versions: libvips versions 8.14.3 or earlier Description: A specially crafted SVG input can cause libvips to segfault when attempting to parse a malformed UTF-8 character. libvips is a demand-driven, horizontally threaded image processing library...
Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...
UBUNTU-CVE-2020-15676
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...
CVE-2020-25102
silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item ak...
[SECURITY] Fedora 32 Update: batik-1.13-1.fc32
Batik is a Java(tm) technology based toolkit for applications that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation...
CVE-2020-15015
The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XSS via an SVG document...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-35363)
Mattermost Server is an open source messaging platform from the United States company Mattermost. A security vulnerability exists in Mattermost Server, which can be exploited by a remote attacker to cause a denial of service with the help of a specially crafted SVG document...
DEBIAN-CVE-2020-8035
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL...
UBUNTU-CVE-2020-8035
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL...
qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp...