CVE-2026-33165

libde265 prior to v1.0.17 is affected by a heap out-of-bounds write triggered by a crafted HEVC bitstream. The root cause is a stale ctb_info.log2unitSize after an SPS change, where PicWidthInCtbsY and PicHeightInCtbsY remain constant while Log2CtbSizeY changes, causing set_SliceHeaderIndex to in...

CVE-2025-15270

FontForge SFD File Parsing vulnerabilities (CVE-2025-15270) arise from improper validation of data while parsing SFD files, causing out-of-bounds writes and remote code execution. The connected Mageia advisory confirms a FontForge fix in updated packages; other sources describe the same issue and...

CVE-2025-6052

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...

PT-2025-4098 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: The issue is a remote code execution vulnerability that exists in the parsing of U3D files within the PDF-XChange Editor. This vulnerability allows remote attackers to execute...

PT-2024-9133 · Fuji Electric · V-Simulator 5

Name of the Vulnerable Software and Affected Versions: Fuji Electric Tellus Lite V-Simulator 5 affected versions not specified Description: The issue is related to a file parsing problem in the V-Simulator 5 component, specifically with the analysis of V8 files. This allows remote attackers to...

PT-2024-39804 · Tungsten Automation · Tungsten Automation Power Pdf

Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or...

PT-2024-39801 · Tungsten Automation · Tungsten Automation Power Pdf

Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or...

CVE-2024-47963

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...

CVE-2024-47963

Delta Electronics CNCSoft-G2 contains a DPAX file parsing flaw that can cause an out-of-bounds write, enabling remote code execution. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) and affects DPAX parsing logic; exploitation leads to code exec...

PT-2024-38283 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...

CVE-2023-40481

7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

CVE-2023-39499

PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must vis...

CVE-2023-34273

Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that t...

CVE-2023-38081

Kofax Power PDF JP2 parsing vulnerability (CVE-2023-38081) allows out-of-bounds write, enabling remote code execution. The flaw exists in JP2 file parsing due to insufficient validation of input data, causing writes past allocated object bounds and code execution in the process context. Requires ...

PT-2023-26288 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a maliciou...

PT-2023-24791 · Unknown · Sante Dicom Viewer Pro

Name of the Vulnerable Software and Affected Versions: Sante DICOM Viewer Pro affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...

PT-2023-24792 · Unknown · Sante Dicom Viewer Pro

Name of the Vulnerable Software and Affected Versions: Sante DICOM Viewer Pro affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious...

PT-2023-8013 · Parallels · Parallels Desktop

Name of the Vulnerable Software and Affected Versions: Parallels Desktop affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this issue, where the target i...

CVE-2022-43617

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2022-43618

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...