120895 matches found
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A code execution vulnerability exists in Mozilla Firefox, which stems from a memory security issue and can be exploited by an attacker to execute arbitrary code on a system...
PT-2025-46489
Name of the Vulnerable Software and Affected Versions Illustrator on iPad versions 3.0.9 and earlier Description Illustrator on iPad versions 3.0.9 and earlier are susceptible to an Integer Underflow vulnerability. Successful exploitation of this issue could lead to arbitrary code execution withi...
PT-2025-46446
Name of the Vulnerable Software and Affected Versions Illustrator versions 28.7.10 through 29.8.2 Description Illustrator versions 28.7.10 and 29.8.2, and earlier, are susceptible to a Heap-based Buffer Overflow. Successful exploitation of this issue could lead to arbitrary code execution with th...
PT-2025-46447
Name of the Vulnerable Software and Affected Versions InDesign Desktop versions 20.5, 19.5.5 and earlier Description InDesign Desktop versions 20.5, 19.5.5 and earlier are susceptible to a Heap-based Buffer Overflow. Successful exploitation of this issue could lead to arbitrary code execution wit...
APSB25-114 : Security update available for Adobe Format Plugins
Adobe has released an update for Adobe Format Plugins. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution and memory exposure...
Security update for python-pdfminer.six (important)
openSUSE Security Update: Security update for python-pdfminer.six Announcement ID: openSUSE-SU-2025:0428-1 Rating: important References: 1253228 Cross-References: CVE-2025-64512 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description:...
Security update for python-pdfminer.six (important)
openSUSE Security Update: Security update for python-pdfminer.six Announcement ID: openSUSE-SU-2025:0429-1 Rating: important References: 1253228 Cross-References: CVE-2025-64512 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description:...
Mozilla -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=1987237%2C1990079%2C1991715%2C1994994 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
CVE-2025-64512
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
CVE-2025-64512 pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
CVE-2025-64512
pdfminer.six contains an insecure deserialization vulnerability in the CMap loading path. The library uses pickle.loads() to deserialize CMap cache files; a malicious PDF can cause execution of code by pointing to a crafted .pickle.gz in the cmap directory. Affected releases are before the upstre...
EUVD-2025-50815
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
CVE-2025-64512 pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
CVE-2025-64512 pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free via the PyObjectStealAttrString function. An attacker can execute arbitrary code or cause a crash by passing a dangling pointer to APIs such as PyLongAsLong or PyFloatAsDouble after the reference has been decremented. PoC...
USN-7868-1: Raptor vulnerabilities
Hanno Böck discovered that Raptor incorrectly handled memory operations when processing certain input files. An attacker could use this issue to cause Raptor to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-18926 Hanno Böck discovered that Raptor incorrectl...
USN-7868-1 raptor vulnerabilities
Hanno Böck discovered that Raptor incorrectly handled memory operations when processing certain input files. An attacker could use this issue to cause Raptor to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-18926 Hanno Böck discovered that Raptor incorrectl...
Buffer Overflow
libcsp.so is vulnerable to Buffer Overflow. The vulnerability is due to improper handling of input data in the cspusartopen function at drivers/usart/zephyr.c, which allows an attacker to cause memory corruption or execute arbitrary code...
Prototype Pollution
node-cube is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input during the prototype chain initialization process, which allows an attacker to inject malicious properties into built-in object prototypes, potentially leading to denial of servi...
CVE-2025-12867
The CVE-2025-12867 entry concerns Hundred Plus EIP Plus. The connected documents substantiate an Arbitrary File Upload vulnerability in EIP Plus that could allow privileged remote attackers to upload and execute a web shell, resulting in arbitrary code execution on the server. Affected product is...