50 matches found

OSSF Malicious Packages
added 2026/06/11 7:38 a.m., 22 views

Malicious code in tailwind-typography-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29345b97ddc8c5fe985d1a69d53db15e4126052929267a584b463e94f43b0bc3 [email protected] impersonates the legitimate @tailwindcss/typography Tailwind CSS plugin confusable name, copied plugin export shape,...

AI score: 6
Exploits: 0, References: 1

OSV
added 2026/05/09 6:16 a.m., 5 views

UBUNTU-CVE-2026-42308

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00114
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2011-0458

Malware in sbrugna...

CVSS: 6.8, AI score: 6, EPSS: 0.0421
Exploits: 0, References: 15

EUVD
added 2025/10/07 12:30 a.m., 12 views

EUVD-2011-5144

Malware in sbrugna...

CVSS: 6.8, AI score: 6.1, EPSS: 0.03355
Exploits: 0, References: 8

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2006-3733

Malware in sbrugna...

CVSS: 7.2, AI score: 6, EPSS: 0.00576
Exploits: 0, References: 45

Microsoft CVE
added 2025/10/01 11:10 p.m., 7 views

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

...

CVSS: 7.6, AI score: 7, EPSS: 0.1427
Exploits: 0

Snyk
added 2024/12/27 4:40 a.m., 2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection due to an improper parsing of the TypeOne FontBBox. This is due to improper sanitization of the bbox values, which could lead to inconsistencies in font metrics or unexpected behavior. Remediation Upgrade...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00528
Exploits: 0, References: 2

Snyk
added 2024/12/27 4:40 a.m., 0 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection due to an improper parsing of the TypeOne FontBBox. This is due to improper sanitization of the bbox values, which could lead to inconsistencies in font metrics or unexpected behavior. Remediation Upgrade...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00528
Exploits: 0, References: 2

SUSE CVE
added 2023/05/12 2:19 a.m., 3 views

SUSE CVE-2023-32573

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled...

CVSS: 4.4, AI score: 8.7, EPSS: 0.00877
Exploits: 0, References: 10

SUSE CVE
added 2023/02/15 6:14 a.m., 2 views

SUSE CVE-2006-3739

Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow...

CVSS: 7.2, AI score: 8, EPSS: 0.00576
Exploits: 0, References: 5

SUSE CVE
added 2023/02/15 5:54 a.m., 6 views

SUSE CVE-2011-0433

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM)...

CVSS: 6.8, AI score: 8.2, EPSS: 0.0421
Exploits: 0, References: 6

vulnersOsv
added 2021/08/25 8:52 p.m., 4 views

airust (=0.1.6), font (>=0.2.0 <=0.3.2) +6 more potentially affected by CVE-2021-26953 via postscript (>=0.10.1 <=0.11.1)

postscript CARGO version =0.10.1, =0.2.0, =0.0.2, =0.1.0, =0.15.0, =0.1.0, =0.6.3 - text =0.0.4 Source cves: CVE-2021-26953 Source advisory: OSV:GHSA-FHVC-GP6C-H2WX...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01489
Exploits: 1

Veracode
added 2020/04/10 1:7 a.m., 16 views

Denial Of Service (DoS)

TeX Live is vulnerable to Denial of Service (DoS). Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by a TeX Live utility, it could cause the utility to crash or, potentially, execute arbitrary code...

CVSS: 6.8, AI score: 4.4, EPSS: 0.0421
Exploits: 0, References: 9, Affected Software: 1

Veracode
added 2020/04/10 1:7 a.m., 25 views

Denial Of Service (DoS)

TeX Live is vulnerable to Denial of Service (DoS). Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by a TeX Live utility, it could cause the utility to crash or, potentially, execute arbitrary code...

CVSS: 7.6, AI score: 4.4, EPSS: 0.1427
Exploits: 0, References: 29, Affected Software: 1

Tenable Nessus
added 2018/02/01 12:0 a.m., 50 views

openSUSE Security Update : webkit2gtk3 (openSUSE-2018-118) (Meltdown) (Spectre)

This update for webkit2gtk3 fixes the following issues : Update to version 2.18.5 : + Disable SharedArrayBuffers from Web API. + Reduce the precision of 'high' resolution time to 1ms. + bsc1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown CVE-2017-575...

CVSS: 9.3, AI score: 7.4, EPSS: 0.93838
Exploits: 102, References: 96

Tenable Nessus
added 2018/01/15 12:0 a.m., 37 views

Fedora 27 : webkitgtk4 (2017-3433c9245d)

This update addresses the following vulnerabilities : - CVE-2017-13798, CVE-2017-13788, CVE-2017-13803 Additional fixes : - Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. - Fix handling of null capabilities in WebDriver implementation. Note...

CVSS: 8.8, AI score: 7.7, EPSS: 0.06252
Exploits: 5, References: 4

Tenable Nessus
added 2017/11/29 12:0 a.m., 36 views

Fedora 25 : webkitgtk4 (2017-077334783e)

This update addresses the following vulnerabilities : - CVE-2017-13798, CVE-2017-13788, CVE-2017-13803 Additional fixes : - Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. - Fix handling of null capabilities in WebDriver implementation. Note...

CVSS: 8.8, AI score: 7.7, EPSS: 0.06252
Exploits: 5, References: 4

Tenable Nessus
added 2017/11/29 12:0 a.m., 38 views

Fedora 26 : webkitgtk4 (2017-4d5618a962)

This update addresses the following vulnerabilities : - CVE-2017-13798, CVE-2017-13788, CVE-2017-13803 Additional fixes : - Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. - Fix handling of null capabilities in WebDriver implementation. Note...

CVSS: 8.8, AI score: 7.7, EPSS: 0.06252
Exploits: 5, References: 4

CNVD
added 2016/07/28 12:0 a.m., 1 views

catdvi Denial of Service Vulnerability

Catdvi is a program that converts TeX Device Independent (DVI) files into readable text. Catdvi-0.14 and previous versions failed to handle the global variable tfmtbl correctly, resulting in uninitialized files being used without initialization when reading specially constructed files, causing nu...

AI score: 6.9
Exploits: 0

Tenable Nessus
added 2013/09/04 12:0 a.m., 30 views

Amazon Linux AMI : t1lib (ALAS-2012-40)

Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the...

CVSS: 7.6, AI score: 6.2, EPSS: 0.1427
Exploits: 0, References: 6