44 matches found
UBUNTU-CVE-2025-38698
In the Linux kernel, the following vulnerability has been resolved: jfs: Regular file corruption check The reproducer builds a corrupted file on disk with a negative isize value. Add a check when opening this file to avoid subsequent operation failures...
CVE-2025-43583
Substance3D - Viewer versions 0.22 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user...
gimp: psp integer overflow RCE
A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process...
CVE-2025-21132
Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-34121
Adobe Illustrator is affected by CVE-2024-34121 (Integer Overflow/Wraparound) in versions 28.6, 27.9.5 and earlier. The vulnerability could allow arbitrary code execution in the current user context and requires the user to open a malicious file. Updates per APSB24-66 mitigate this issue by movin...
CVE-2023-36864
An integer overflow vulnerability exists in the fstReaderIterBlocks2 tempsignalvaluebuf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...
CVE-2023-34436
An out-of-bounds write vulnerability exists in the LXT2 numtimetableentries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...
Cross site scripting
An out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted X1, V8, or V9 file, information may be disclosed and/or arbitrary code may be executed...
CVE-2023-47582
An access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted X1, V8, or V9 file, information may be disclosed and/or arbitrary code may be executed...
CVE-2023-34634
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened...
CVE-2023-27640
The PrestaShop module tshirtecommerce (Custom Product Designer) version 2.1.4 is affected by a directory traversal vulnerability in the fonts.php endpoint. An attacker can forge HTTP requests using the POST parameter type (and related GET parameters) to traverse the server’s file system and read ...
CVE-2023-21582
Adobe Digital Editions version 4.5.11.187303 and earlier is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-25893
Adobe Dimension versions 3.4.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
SUSE CVE-2017-16611
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...
CVE-2022-43668
Typora versions prior to 1.4.4 fail to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product...
Huawei EulerOS: Security Advisory for perl-DBI (EulerOS-SA-2020-2501)
The remote host is missing an update for the Huawei EulerOS...
Security update for perl-DBI (moderate)
openSUSE Security Update: Security update for perl-DBI Announcement ID: openSUSE-SU-2020:2051-1 Rating: moderate References: 1176492 Cross-References: CVE-2014-10401 CVE-2014-10402 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description: This...
CVE-2014-10402
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401...
MS15-013: Description of the security update for Microsoft Office 2010: February 10, 2015
Introduction: This security update resolves vulnerabilities that could allow security feature bypass if a specially crafted file is opened in an affected edition of Microsoft Office. Summary: Microsoft has...