Lucene search
K

23 matches found

Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-55963

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description The FontFile.compile function in the PIL/FontFile.py module fails to call Image. decompression bomb check when assembling per-glyph images into a combined bitmap using Image.new"1", xsize, ysize. Thi...

7.5CVSS6AI score0.00361EPSS
Exploits1References9
OSV
OSV
added 2026/06/08 12:43 p.m.9 views

USN-8399-1 pillow vulnerabilities

It was discovered that Pillow incorrectly handled large glyph advance values in fonts. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. CVE-2026-42308 It was discovered that Pillow incorrectly handled nested coordinate lists in certain APIs. An...

8.6CVSS7.6AI score0.0015EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2026/06/08 12:43 p.m.14 views

USN-8399-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled large glyph advance values in fonts. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. CVE-2026-42308 It was discovered that Pillow incorrectly handled nested coordinate lists in certain APIs. An...

8.6CVSS7.6AI score0.0015EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/04 8:18 p.m.11 views

Pillow has an integer overflow when processing fonts

If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References5Affected Software1
Rockylinux
Rockylinux
added 2026/02/15 9:9 a.m.12 views

kernel security update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

7.8CVSS7AI score0.00181EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/02/12 1:6 a.m.10 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.8CVSS6.6AI score0.00175EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/11 5:6 p.m.12 views

kernel: Linux kernel: Information disclosure and denial of service via out-of-bounds read in font glyph handling

A flaw was found in the Linux kernel. A local attacker can exploit this vulnerability by providing a specially crafted font glyph index to the bitblit component. This can lead to an out-of-bounds read, potentially resulting in information disclosure or a denial of service...

5.8AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/02/09 12:0 a.m.10 views

ALSA-2026:2282 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation CVE-2025-38415 kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it...

7.8CVSS5.8AI score0.00181EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2026/02/02 4:6 a.m.8 views

kernel: Linux kernel: Information disclosure and denial of service via out-of-bounds read in font glyph handling

A flaw was found in the Linux kernel. A local attacker can exploit this vulnerability by providing a specially crafted font glyph index to the bitblit component. This can lead to an out-of-bounds read, potentially resulting in information disclosure or a denial of service...

5.8AI score0.00175EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/12/09 12:24 a.m.8 views

SUSE CVE-2025-40322

In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bitputcs bitputcsaligned/unaligned derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and read past the end of the...

5.3CVSS6.2AI score0.00175EPSS
Exploits0References26
Zero Day Initiative
Zero Day Initiative
added 2024/10/31 12:0 a.m.10 views

Apple macOS CoreFoundation Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3CVSS5.7AI score0.00818EPSS
Exploits0References1
Mageia
Mageia
added 2023/12/01 11:54 a.m.54 views

Updated xrdp packages fix security vulnerability

The updated packages fix a security vulnerability Access to the font glyphs in xrdppainter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a...

6.5CVSS6.8AI score0.0063EPSS
Exploits0References2
NVD
NVD
added 2023/09/27 6:15 p.m.22 views

CVE-2023-42822

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within...

6.5CVSS5.6AI score0.0063EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/09/27 6:15 p.m.24 views

CVE-2023-42822

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within...

6.5CVSS6.4AI score0.0063EPSS
Exploits0References3
OSV
OSV
added 2023/09/27 6:15 p.m.4 views

UBUNTU-CVE-2023-42822

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within...

6.5CVSS5.8AI score0.0063EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/09/27 5:55 p.m.26 views

CVE-2023-42822 Unchecked access to font glyph info in xrdp

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within...

4.6CVSS5.5AI score0.0063EPSS
Exploits0References5
CVE
CVE
added 2023/09/27 5:55 p.m.113 views

CVE-2023-42822

CVE-2023-42822 affects xrdp. Access to font glyphs in xrdp_painter.c is not bounds-checked, allowing an out-of-bounds read (potentially followed by a write) in an xrdp process that may run with root privileges on non-Debian platforms. The issue is addressed in release 0.9.23.1; upgrade recommende...

6.5CVSS5.5AI score0.0063EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2023/09/27 5:55 p.m.21 views

CVE-2023-42822

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within...

6.5CVSS6.5AI score0.0063EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.26 views

FreeBSD : xrdp -- unchecked access to font glyph info (af065e47-5d62-11ee-bbae-1c61b4739ac9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the af065e47-5d62-11ee-bbae-1c61b4739ac9 advisory. - xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is...

6.5CVSS5.8AI score0.0063EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.4 views

SUSE CVE-2009-1099

Integer signedness error in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and...

7.5CVSS8.1AI score0.0566EPSS
Exploits0References9
Rows per page
Query Builder