Lucene search
K

11 matches found

SUSE CVE
SUSE CVE
added 2026/07/07 3:13 p.m.9 views

SUSE CVE-2026-54060

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS6AI score0.00361EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/06 6:49 p.m.32 views

CVE-2026-54060 Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS0.00361EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/07/06 6:49 p.m.7 views

CVE-2026-54060

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS6AI score0.00361EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:49 p.m.6 views

CVE-2026-54060

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS6AI score0.00361EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/07/06 6:49 p.m.17 views

CVE-2026-54060

The issue affects Pillow (Python imaging library). In FontFile.compile(), per-glyph images were assembled into a single bitmap using Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), enabling an attacker to trigger excessive memory allocation during conversion or s...

7.5CVSS6AI score0.00361EPSS
Exploits1References3Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.38 views

Huawei EulerOS: Security Advisory for libXfont (EulerOS-SA-2019-2357)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.1AI score0.08355EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2018/01/22 10:58 p.m.30 views

CVE-2017-13720

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

7.1CVSS3.8AI score0.00442EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/12 12:0 a.m.6 views

libxfont Denial of Service Vulnerability

libXfont is an X font processing library for servers and utilities from the X.Org Foundation. A denial of service vulnerability exists in the 'PatternMatch' function of the fontfile/fontdir.c file in libXfont versions 1.5.2 and earlier and version 2.x before 2.0.2. An attacker can exploit this...

7.1CVSS6.9AI score0.00442EPSS
Exploits0References1
CVE
CVE
added 2017/10/11 5:0 p.m.129 views

CVE-2017-13720

Summary: LibXfont (libXfont and libXfont2) contains a vulnerability in the PatternMatch function (fontfile/fontdir.c). The flaw allows a buffer over-read during font pattern matching, potentially leading to information disclosure or a crash. It affects libXfont up to 1.5.2 and libXfont2 up to 2.x...

7.1CVSS5.9AI score0.00442EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2017/10/11 5:0 p.m.50 views

CVE-2017-13720

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

7.1CVSS7AI score0.00442EPSS
Exploits0
Cvelist
Cvelist
added 2017/10/11 5:0 p.m.30 views

CVE-2017-13720

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

6AI score0.00442EPSS
Exploits0References6
Rows per page
Query Builder