Lucene search
K

146 matches found

RedHat Linux
RedHat Linux
added yesterday5 views

python-pillow: Pillow: Denial of Service via crafted BDF font file

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted BDF font file. The library's image processing function fails to properly validate dimensions from the font file, bypassing a critical...

7.5CVSS6.1AI score0.00364EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/07/07 3:13 p.m.9 views

SUSE CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/07/07 9:7 a.m.7 views

CVE-2026-55379

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted BDF font file. The library's image processing function fails to properly validate dimensions from the font file, bypassing a critical...

7.5CVSS6AI score0.00364EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-55379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed...

7.5CVSS6.7AI score0.00364EPSS
Exploits1References4
OSV
OSV
added 2026/07/06 6:52 p.m.4 views

CVE-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/06 6:52 p.m.30 views

CVE-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS0.00364EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:52 p.m.5 views

CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/07/06 6:52 p.m.22 views

CVE-2026-55379

Pillow (Python imaging library) is affected by CVE-2026-55379. In older releases, PIL/BdfFontFile.py:bdf_char() read BBX width/height from a BDF font and passed attacker-controlled values to Image.new() without invoking Image._decompression_bomb_check(), bypassing the library’s decompression bomb...

7.5CVSS6AI score0.00364EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 4 : libXfont-1.4.5-3.AXS4 (AXSA:2014-146:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-146:01 advisory. X.Org X11 libXfont runtime library Security issues fixed with this release: CVE-2013-6462 Stack-based buffer overflow in the bdfReadCharacters function in...

9.3CVSS8.9AI score0.10254EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 3 : libXfont-1.2.2-1.0.5.AXS3 (AXSA:2014-239:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-239:01 advisory. X.Org X11 libXfont runtime library Security issues fied with this release: CVE-2013-6462 Stack-based buffer overflow in the bdfReadCharacters function in...

9.3CVSS9AI score0.10254EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-1928

Malware in sbrugna...

8.5CVSS5.2AI score0.04864EPSS
Exploits0References24
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-1929

Malware in sbrugna...

8.5CVSS7AI score0.04923EPSS
Exploits0References25
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-3055

Malware in sbrugna...

4.3CVSS6AI score0.01798EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-0578

Malware in sbrugna...

5.1CVSS6.4AI score0.02278EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-9470

Malware in sbrugna...

7.5CVSS7.6AI score0.05059EPSS
Exploits1References22
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-6266

Malware in sbrugna...

9.3CVSS9.1AI score0.10254EPSS
Exploits1References23
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2012-1175

Malware in sbrugna...

9.3CVSS6AI score0.03813EPSS
Exploits0References27
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-1171

Malware in sbrugna...

9.3CVSS6AI score0.03813EPSS
Exploits0References25
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-9485

Malware in sbrugna...

5CVSS8AI score0.04159EPSS
Exploits1References23
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2014-9660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bdfparseglyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a...

7.5CVSS7.2AI score0.05059EPSS
Exploits1References2
Rows per page
Query Builder