CVE-2025-62500

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-65119

Summary (verified): CVE-2025-65119 affects Canva Affinity. Talos reports an out-of-bounds read in the EMF processing of Canva Affinity’s EMF files, caused by the EMR_POLYGON record where a large Count leads to an out-of-bounds read when iterating aPoints. Affected version identified by Talos: Can...

CVE-2025-62403

CANVA AFFINITY CVE-2025-62403 is an EMF parsing vulnerability in the EMF file handling (EMR_EXTTEXTOUTA) that may trigger an out-of-bounds read. Talos reports that the fault is due to an offDx offset using intercharacter spacing past the recordSize, enabling an attacker to read arbitrary memory w...

EUVD-2014-3565

Malware in sbrugna...

Detecting Evasive Malware on IoT Devices Using Electromagnetic Emanations

Cybersecurity researchers have proposed a novel approach that harnesses electromagnetic field emanations from the Internet of Things IoT devices as a side-channel to glean precise knowledge about the different kinds of malware targeting the embedded systems, even in scenarios where obfuscation...

EulerOS 2.0 SP5 : libgcrypt (EulerOS-SA-2019-2695)

According to the version of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate...

Side Channel Attack

libgcrypt.so is vulnerable to side-channel attack. The vulnerability exists as the library fails to perform ciphertext blinding for the Elgamal decryption, allowing a local attacker to compromise the server's private key through a crafted ciphertext and analyzing the fluctuations in the...

CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...