Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Memory Corruption
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Memory Corruption
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Memory Corruption
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
UBUNTU-CVE-2019-11005
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value...
A vulnerability in the library for processing and transforming HTML/XML code fragments, called Ruby Loofah, arises due to improper handling of input during web page generation. This vulnerability allows attackers to inject arbitrary JavaScript code.
The vulnerability in the library for processing and transforming HTML/XML code fragments in Ruby Loofah is related to insufficient cleaning of SVG elements in JavaScript. Exploiting this vulnerability allows a remote attacker to inject arbitrary JavaScript code...
PT-2019-4931 · Imagemagick +1 · Imagemagick +1
Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.8-36 Q16 Description: The issue is related to a memory leak in the SVGKeyValuePairs function of coders/svg.c, which can be exploited by an attacker to cause a denial of service via a crafted image file. This is due to...
DEBIAN-CVE-2019-5757
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...
chromium-browser: Type Confusion in SVG
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...
[SECURITY] Fedora 28 Update: libwmf-0.2.12-1.fc28
A library for reading and converting Windows MetaFile vector graphics (WMF)...
[SECURITY] Fedora 29 Update: libwmf-0.2.12-1.fc29
A library for reading and converting Windows MetaFile vector graphics (WMF)...
SVG++ Buffer Overflow Vulnerability
SVG++ aka Ssvgpp is a C++ framework that includes an SVG syntax parser, adapters for handling parsed data, and various utilities. Anti-Grain Geometry (AGG) is a 2D rendering library used in it...
UBUNTU-CVE-2019-6131
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool...
Phishing Tactic Hides Tracks with Custom Fonts
An insidious phishing method evades detection using a never-before-seen technique that leverages custom fonts to cover its tracks. Researchers at Proofpoint recently discovered an active credential harvesting phishing scheme. Once a victim has clicked on the initial phishing email, the resulting...
Kirby Cross-Site Scripting Vulnerability (CNVD-2019-03334)
Kirby is a document-based content management system (CMS). A cross-site scripting vulnerability exists in Kirby version 2.5.12. The vulnerability can be exploited by a remote attacker to upload SVG files using the "site files" Add option...
Digia Qt Segmentation Error Vulnerability
Digia Qt is a cross-platform C++ application development framework from Digia Finland. The framework can be used to develop GUI programs. A security vulnerability exists in the qsvghandler.cpp file in Digia Qt versions prior to 5.11.3. An attacker can exploit this vulnerability to cause a denial ...
DEBIAN-CVE-2018-19869
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp...
PT-2018-15137 · Artifex · Artifex Mupdf
Name of the Vulnerable Software and Affected Versions: Artifex MuPDF version 1.14.0 Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted svg file. This is due to a NULL pointer dereference in the svg_run_image function...
Artifex MuPDF Denial of Service Vulnerability (CNVD-2019-06786)
Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. A denial of service vulnerability exists in the 'svg_run_image' function of the svg/svg-run.c file in Artifex MuPDF version 1.14.0. A remote attacker can exploit this vulnerability to cause a denial of service href_att null point...
ASUSTOR ADM cross-site scripting vulnerability (CNVD-2018-26928)
ASUSTOR ADM is a set of operating systems from ASUSTOR dedicated to ASUSTOR NAS storage devices. File Explorer is one of the file browsers. A cross-site scripting vulnerability exists in File Explorer in ASUSTOR ADM version 3.1.1, which can be exploited by remote attackers to execute JavaScript co...