2575 matches found
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
kernel: md/bitmap: fix GPF in write_page caused by resize race
A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...
freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...
CVE-2026-55827
A flaw was found in FreeRDP. FreeRDP clients using the non-default /cache:codec:rfx option are vulnerable to a heap out-of-bounds write. A malicious Remote Desktop Protocol RDP server can exploit this by manipulating desktop stride and height values during RemoteFX decoding for Cache Bitmap V3...
CVE-2026-55827
CVE-2026-55827 affects FreeRDP prior to 3.27.1. When clients start with the non-default /cache:codec:rfx option, FreeRDP passes desktop stride/height to RemoteFX decoding for Cache Bitmap V3 data and allocates bitmap->data only for the smaller DstWidth/DstHeight in gdi_Bitmap_Decompress, enabl...
CVE-2026-55827
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...
EUVD-2026-43004
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...
CVE-2026-55827 FreeRDP: Heap out-of-bounds write in RemoteFX (RFX) Cache Bitmap V3 decode
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...
freerdp security update
An update is available for freerdp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...
CVE-2026-15182
A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwgbmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the...
Important: Red Hat Security Advisory: freerdp security update
An update for freerdp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
[slackware-security] libXfont2
New libXfont2 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libXfont2-2.0.8-i586-1slack15.0.txz: Upgraded. This update fixes security issues: BitmapScaleBitmaps Integer Overflow Heap Buffer...
CVE-2026-56002
A flaw was found in libXfont2. A specially crafted PCF Portable Compiled Format font file, when processed by libXfont2, can lead to a buffer overflow. This occurs because the font parsing process does not properly validate the size of a bitmap buffer against the glyph metrics provided in the...
SUSE CVE-2026-54060
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...
freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...
CVE-2026-55379
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...
CVE-2026-54060
The issue affects Pillow (Python imaging library). In FontFile.compile(), per-glyph images were assembled into a single bitmap using Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), enabling an attacker to trigger excessive memory allocation during conversion or s...
SUSE-SU-2026:2739-1 Security update for fontforge
This update for fontforge fixes the following issues - CVE-2025-15269: Remote Code Execution via Use-After-Free in SFD file parsing bsc1256032. - CVE-2025-15275: Arbitrary code execution via SFD file parsing buffer overflow bsc1256025. - CVE-2025-15279: Remote Code Execution via heap-based buffer...
dnsmasq: NSEC bitmap parsing infinite loop
A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...
UBUNTU-CVE-2026-53218
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftexthdr: fix register tracking for FPRESENT flag nftexthdrinit passes user-controlled priv-len to nftparseregisterstore, which marks that many bytes in the register bitmap as initialized. However, when...