Lucene search
K

750 matches found

RedHat Linux
RedHat Linux
added 2 days ago5 views

xorg: X11: xserver: X.org: glamor Font Atlas Heap Buffer Overflow

A flaw was found in the glamorfontget function of the xorg-x11-server. This vulnerability, a heap buffer overflow, occurs when the server processes a specially crafted PCF font file where individual glyph metrics exceed the declared maximum bounds. An authenticated X client can exploit this by...

8.5CVSS6.5AI score0.00212EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 11:34 a.m.6 views

BIT-PILLOW-2026-54060 Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS5.9AI score0.00361EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/07 9:7 a.m.7 views

CVE-2026-55379

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted BDF font file. The library's image processing function fails to properly validate dimensions from the font file, bypassing a critical...

7.5CVSS6AI score0.00364EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-55379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed...

7.5CVSS6.7AI score0.00364EPSS
Exploits1References4
Snyk
Snyk
added 2026/07/06 8:42 p.m.6 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the FontFile.compile process. An attacker can cause excessive memory allocation by providing a specially crafted font file that triggers uncontrolled resource consumption during image...

8.7CVSS6AI score0.00361EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 8:42 p.m.4 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the bdfchar process when attacker-controlled dimensions from a BDF font file are passed to Image.new without invoking the decompressionbombcheck function. An attacker can cause excessive...

8.7CVSS6AI score0.00364EPSS
Exploits1References2
NVD
NVD
added 2026/07/06 7:17 p.m.7 views

CVE-2026-54060

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS0.00361EPSS
Exploits1References3
CVE
CVE
added 2026/07/06 6:52 p.m.21 views

CVE-2026-55379

Pillow (Python imaging library) is affected by CVE-2026-55379. In older releases, PIL/BdfFontFile.py:bdf_char() read BBX width/height from a BDF font and passed attacker-controlled values to Image.new() without invoking Image._decompression_bomb_check(), bypassing the library’s decompression bomb...

7.5CVSS6AI score0.00364EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/07/06 6:52 p.m.4 views

CVE-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References5
OSV
OSV
added 2026/07/06 6:49 p.m.7 views

CVE-2026-54060 Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS5.9AI score0.00361EPSS
Exploits1References5
Snyk
Snyk
added 2026/07/04 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/01 5:56 p.m.14 views

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

5.3CVSS7.2AI score0.00141EPSS
Exploits0References8
OSV
OSV
added 2026/05/28 11:16 p.m.12 views

DEBIAN-CVE-2026-9960

Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font file. Chromium security severity: High...

7.5CVSS6.3AI score0.00235EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 10:25 p.m.7 views

CVE-2026-9960

Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font file. Chromium security severity: High...

6.3AI score0.00235EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/28 10:25 p.m.33 views

CVE-2026-9960

Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font file. Chromium security severity: High...

0.00235EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 10:25 p.m.26 views

CVE-2026-9960

The CVE-2026-9960 entry concerns an integer overflow in PDFium within Google Chrome prior to 148.0.7778.216. A remote attacker who gains renderer process access could trigger arbitrary code execution inside the sandbox by processing a crafted font file. Affected software: Chromium-based Chrome wi...

7.5CVSS6.3AI score0.00235EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 10:25 p.m.9 views

CVE-2026-9960

Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font file. Chromium security severity: High...

6.3AI score0.00235EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability caused by PDFium integer overflow. This vulnerability could allow remote attackers with access to the renderer process to execute arbitrary code in a sandbo...

7.5CVSS6.3AI score0.00235EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/23 4:10 p.m.13 views

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

5.3CVSS7.2AI score0.00141EPSS
Exploits0References8
NVD
NVD
added 2026/04/21 8:16 p.m.5 views

CVE-2026-33812

Parsing a malicious font file can cause excessive memory allocation...

6.1CVSS0.00112EPSS
Exploits0References3
Rows per page
Query Builder