Lucene search

2534 matches found

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-3455

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.21.0 Description FreeRDP is a free implementation of the Remote Desktop Protocol. The freerdp bitmap decompress planar function does not properly validate the nSrcWidth and nSrcHeight parameters against...

CVSS 9.8, AI score 6.1, EPSS 0.00601
Exploits 7, References 231
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-3467

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.21.0 Description FreeRDP, a free implementation of the Remote Desktop Protocol, contains a flaw where offscreen bitmap deletion results in the gdi-drawing pointer referencing freed memory. This creates a...

CVSS 9.8, AI score 6.3, EPSS 0.0195
Exploits 11, References 231
Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-25335

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.0 Description FreeRDP is an implementation of the Remote Desktop Protocol. The gdi surface bits function handles SURFACE BITS COMMAND messages from the RDP server. When using NSCodec, the bmp.width and bmp.height...

CVSS 9.8, AI score 6.1, EPSS 0.00532
Exploits 1, References 132
Positive Technologies
added 2026/01/01 12:0 a.m., 6 views

PT-2026-25333

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.0 Description FreeRDP is a free implementation of the Remote Desktop Protocol. A client-side heap out-of-bounds read/write issue exists in FreeRDP's bitmap cache subsystem. This is due to an incorrect boundary...

CVSS 8.2, AI score 5.8, EPSS 0.00486
Exploits 3, References 90
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-25341

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.0 Description FreeRDP is a free implementation of the Remote Desktop Protocol. A flaw exists in the freerdp bitmap decompress planar function where an out-of-bounds read can occur when the SrcSize is 0. The...

CVSS 9.8, AI score 6, EPSS 0.00599
Exploits 15, References 56
Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-25334

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.0 Description FreeRDP is a free implementation of the Remote Desktop Protocol. An integer underflow exists in the update read cache bitmap order function within FreeRDP's Core Library. Recommendations Update to...

CVSS 9.8, AI score 5.8, EPSS 0.00599
Exploits 5, References 42
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-24132

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-16 ImageMagick versions prior to 6.9.13-41 Description ImageMagick is software used for editing and manipulating digital images. An integer overflow in the DIB coder can lead to out-of-bounds read or write...

CVSS 8.1, AI score 5.8, EPSS 0.00269
Exploits 0, References 116
OSV
added 2025/12/31 7:15 a.m., 2 views

CVE-2025-15279

FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8, AI score 7.5
Exploits 0, References 1
UbuntuCve
added 2025/12/31 7:15 a.m., 2 views

CVE-2025-15279

FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8, AI score 7.5, EPSS 0.00259
Exploits 0, References 2
EUVD
added 2025/12/31 6:59 a.m., 1 view

EUVD-2025-205887

FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8, AI score 7.1, EPSS 0.00259
Exploits 0, References 2
AlpineLinux
added 2025/12/31 6:59 a.m., 1 view

CVE-2025-15279

FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8, AI score 7.6, EPSS 0.00259
Exploits 0, References 1
Cvelist
added 2025/12/31 6:59 a.m., 26 views

CVE-2025-15278 FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability

FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

CVSS 7.8, EPSS 0.00263
Exploits 0, References 1
CVE
added 2025/12/31 6:59 a.m., 18 views

CVE-2025-15278

CVE-2025-15278 concerns FontForge GUtils XBM file parsing. The flaw is an integer overflow during parsing of pixels in XBM files, caused by inadequate validation of user-supplied data, which leads to an out-of-bounds buffer allocation and allows remote code execution in the affected process. The ...

CVSS 7.8, AI score 7.4, EPSS 0.00263
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2025/12/31 12:0 a.m., 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992805)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992805 advisory. In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on closerange with CLOSERANGEUNSHARE copyfdbitmapsnew, old, count is expect...

CVSS 5.5, AI score 6.2, EPSS 0.00234
Exploits 0, References 3
CNNVD
added 2025/12/31 12:0 a.m., 3 views

FontForge Security Vulnerability

FontForge is an open source font editing tool from fontforge that supports multiple languages. A security vulnerability exists in FontForge that stems from improper validation of data length when parsing BMP file pixels, which could lead to a heap buffer overflow and remote code execution...

CVSS 7.8, AI score 8.1, EPSS 0.00259
Exploits 0, References 2
Tenable Nessus
added 2025/12/31 12:0 a.m., 2 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2025-993174)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993174 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers/md/md-bitmap: check the return value of mdbitmapgetcounter Check the return value of...

CVSS 5.5, AI score 6.5, EPSS 0.00147
Exploits 0, References 4
Tenable Nessus
added 2025/12/31 12:0 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992873)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992873 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would...

CVSS 5.5, AI score 6.2, EPSS 0.0024
Exploits 0, References 3
Tenable Nessus
added 2025/12/31 12:0 a.m., 5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992817)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992817 advisory. In the Linux kernel, the following vulnerability has been resolved: memstick/msblock: Fix a memory leak 'erasedblocksbitmap' is never freed. As it is allocated at th...

CVSS 5.5, AI score 6.1, EPSS 0.00156
Exploits 0, References 4
Tenable Nessus
added 2025/12/31 12:0 a.m., 5 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2025-993125)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993125 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid10: check slab-out-of-bounds in mdbitmapgetcounter If we write a large number to...

CVSS 7.1, AI score 5.9, EPSS 0.00183
Exploits 0, References 4
Tenable Nessus
added 2025/12/31 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-992827)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992827 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid10: check slab-out-of-bounds in mdbitmapgetcounter If we write a large number to...

CVSS 7.1, AI score 5.9, EPSS 0.00183
Exploits 0, References 4