146 matches found
python-pillow: Pillow: Denial of Service via crafted BDF font file
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted BDF font file. The library's image processing function fails to properly validate dimensions from the font file, bypassing a critical...
SUSE CVE-2026-55379
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...
CVE-2026-55379
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted BDF font file. The library's image processing function fails to properly validate dimensions from the font file, bypassing a critical...
Linux Distros Unpatched Vulnerability : CVE-2026-55379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed...
CVE-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...
CVE-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...
CVE-2026-55379
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...
CVE-2026-55379
Pillow (Python imaging library) is affected by CVE-2026-55379. In older releases, PIL/BdfFontFile.py:bdf_char() read BBX width/height from a BDF font and passed attacker-controlled values to Image.new() without invoking Image._decompression_bomb_check(), bypassing the library’s decompression bomb...
MiracleLinux 4 : libXfont-1.4.5-3.AXS4 (AXSA:2014-146:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-146:01 advisory. X.Org X11 libXfont runtime library Security issues fixed with this release: CVE-2013-6462 Stack-based buffer overflow in the bdfReadCharacters function in...
MiracleLinux 3 : libXfont-1.2.2-1.0.5.AXS3 (AXSA:2014-239:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-239:01 advisory. X.Org X11 libXfont runtime library Security issues fied with this release: CVE-2013-6462 Stack-based buffer overflow in the bdfReadCharacters function in...
EUVD-2015-1928
Malware in sbrugna...
EUVD-2015-1929
Malware in sbrugna...
EUVD-2010-3055
Malware in sbrugna...
EUVD-2005-0578
Malware in sbrugna...
EUVD-2014-9470
Malware in sbrugna...
EUVD-2013-6266
Malware in sbrugna...
EUVD-2012-1175
Malware in sbrugna...
EUVD-2012-1171
Malware in sbrugna...
EUVD-2014-9485
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2014-9660
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bdfparseglyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a...