27 matches found
Astra Linux – Vulnerability in Qt4-X11, qtsvg-opensource-src
In Qt versions prior to 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, the initialization of munitsPerEm in QtSvg QSvgFont is handled incorrectly...
OESA-2025-2791 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
EUVD-2024-32701
Malicious code in bioql PyPI...
EUVD-2024-3587
Malicious code in bioql PyPI...
CVE-2022-45133
Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload...
UBUNTU-CVE-2025-50422
Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled-face == NULL" assertion failure for cairoftunscaledfontfini in cairo-ft-font.c...
RHEL 7 : freetype (RHSA-2025:3395)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3395 advisory. FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs...
GHSA-GRHH-R4JJ-8JH7 tecnickcom/tc-lib-pdf-font mishandles fonts
An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a security issue with fbcondosetfont in fbcon...
OESA-2023-1580 qt security update
Qt pronounced as "cute", not "cu-tee" is a cross-platform framework that is usually used as a graphical toolkit, although it is also very helpful in creating CLI applications. It runs on the three major desktop OSes, as well as on mobile OSes, such as Symbian, Nokia Belle, Meego Harmattan, MeeGo ...
OESA-2023-1579 qt security update
Qt pronounced as "cute", not "cu-tee" is a cross-platform framework that is usually used as a graphical toolkit, although it is also very helpful in creating CLI applications. It runs on the three major desktop OSes, as well as on mobile OSes, such as Symbian, Nokia Belle, Meego Harmattan, MeeGo ...
AZL-26670 CVE-2023-32573 affecting package qt5-qtsvg for versions less than 5.15.9-1
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont munitsPerEm initialization is mishandled...
November 8, 2022—KB5019966 (OS Build 17763.3650) - EXPIRED
None None...
October 25, 2022—KB5018482 (OS Builds 19042.2193, 19043.2193, and 19044.2193) Preview
None None...
October 25, 2022—KB5018485 (OS Build 20348.1194) Preview
None None...
June 18, 2019—KB4501371 (OS Build 17763.592)
None None...
OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...
CVE-2019-10044
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if for example Latin and Cyrillic characters...
MS16-042: Description of the security update for Word Automation Services on SharePoint Server 2013: April 12, 2016
MS16-042: Description of the security update for Word Automation Services on SharePoint Server 2013: April 12, 2016 Summary This security update resolves vulnerabilities in SharePoint that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these...
PT-2016-1278 · Mozilla +6 · Firefox Esr +7
Name of the Vulnerable Software and Affected Versions: Libgraphite versions 1.2.4 Mozilla Firefox versions prior to 43.0 Firefox ESR versions prior to 38.6.1 Description: The issue is related to the SillMap::readFace function in FeatureMap.cpp, which mishandles a return value. This can be exploit...