123 matches found
CVE-2025-10924
A remote code execution RCE vulnerability exists in GIMP’s FF file parsing functionality. The flaw stems from improper validation of user-supplied data, leading to an integer overflow before buffer allocation. When a user opens a malicious FF image file, the overflow can cause incorrect memory...
EUVD-2025-36714
GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
UBUNTU-CVE-2025-10924
GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2025-10924 GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability
GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2025-10924
CVE-2025-10924 affects GIMP FF file parsing and is an integer overflow vulnerability that can lead to remote code execution when a user opens a malicious FF file. Multiple vendor advisories (openSUSE/SUSE, MiracleLinux, Alibaba Cloud Linux, etc.) reference this CVE among a set of GIMP file-parsin...
UBUNTU-CVE-2025-40035
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...
CVE-2025-40035 Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...
PT-2025-49096
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the KVM arm64 component related to memory sharing with FF-A. Insufficient validation of offsets can lead to out-of-bounds access within the hypervisor...
EUVD-2019-9142
Malware in sbrugna...
EUVD-2015-5228
Malware in sbrugna...
EUVD-2023-59828
Malicious code in bioql PyPI...
Malicious code in ff-db (npm)
The package ff-db was found to contain malicious code...
Malicious code in @zalastax/nolb-ff (npm)
The package @zalastax/nolb-ff was found to contain malicious code...
MAL-2025-20425 Malicious code in ff-db (npm)
The package ff-db was found to contain malicious code...
MAL-2025-11439 Malicious code in @zalastax/nolb-ff (npm)
The package @zalastax/nolb-ff was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2019-19524
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka...
SUSE CVE-2025-38374
In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context The OP-TEE driver registers the function notifcallback for FF-A notifications. However, this function is called in an atomic context leading to errors like this when processing asynchronous...
CVE-2025-38374
CVE-2025-38374 – Linux kernel (OP-TEE FF-A): The issue arises because OP-TEE’s notif_callback() for FF-A notifications was executed in an atomic context, leading to a sleep and a kernel warning. The fix is to move notification processing to a non-atomic context by using a work queue. Affected des...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the fact that FF-A notification callbacks called in an atomic context may cause sleep...
Malicious code in dof-ff (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d1182a5fa877ae1d59bba4f4eef2ccb27c53c2549f97c27aa6da6ef9ee4701c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...