
23019 matches found

Mageia
added 6 days ago, 7 views

Updated libxmp packages fix security vulnerabilities

CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbisdeinit; CVE-2023-45680: Null pointer dereference in vorbisdeinit; CVE-2023-45681: Out of bounds heap buffer write; CVE-2023-45676: Multi-byte write heap buffer overflow in startdecoder; CVE-2023-45677: Heap buffer out of bounds...

CVSS 7.8 | AI score 7 | EPSS 0.0056
Exploits: 1 | References: 3
OSV
added 6 days ago, 3 views

OSV-2026-895 Heap-buffer-overflow in ihevcd_fmt_conv

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=521437880; Crash type: Heap-buffer-overflow WRITE 8; Crash state: ihevcdfmtconv ihevcdprocessthread startthread...

AI score 5.4
Exploits: 0 | References: 1
Positive Technologies
added 6 days ago, 10 views

PT-2026-48502

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

CVSS 6.1 | AI score 5.9 | EPSS 0.00183
Exploits: 1 | References: 3
CNNVD
added 6 days ago, 3 views

draw.io cross-site scripting vulnerability

Draw.IO is an open-source configurable charting and whiteboard application. Versions of Draw.IO prior to 29.7.12 had a cross-site scripting vulnerability. This vulnerability occurred because the feature detection routine in the Text Format panel did not clean up the original cell labels, allowing...

CVSS 6.1 | AI score 5.4 | EPSS 0.00183
Exploits: 1 | References: 1
CNNVD
added 6 days ago, 4 views

image-size security vulnerability

image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size 2.0.2 and earlier have security vulnerabilities. These vulnerabilities stem from infinite loops within the ICNS parser, which could allow remote attackers to permanently block the Node.js event...

CVSS 8.7 | AI score 5.5 | EPSS 0.00417
Exploits: 1 | References: 1
NVD
added 2026/06/09 9:17 p.m., 5 views

CVE-2026-48292

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | EPSS 0.00271
Exploits: 0 | References: 1
NVD
added 2026/06/09 9:17 p.m., 8 views

CVE-2026-48291

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | EPSS 0.00271
Exploits: 0 | References: 1
NVD
added 2026/06/09 9:17 p.m., 5 views

CVE-2025-71319

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

CVSS 8.7 | EPSS 0.00532
Exploits: 1 | References: 3
Cvelist
added 2026/06/09 8:38 p.m., 32 views

CVE-2026-48291 Format Plugins | Heap-based Buffer Overflow (CWE-122)

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | EPSS 0.00271
Exploits: 0 | References: 1
EUVD
added 2026/06/09 8:38 p.m., 8 views

EUVD-2026-35835

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.2 | EPSS 0.00271
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/09 8:38 p.m., 6 views

CVE-2026-48291 Format Plugins | Heap-based Buffer Overflow (CWE-122)

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 7.8 | EPSS 0.00271
Exploits: 0 | References: 1
CVE
added 2026/06/09 8:38 p.m., 11 views

CVE-2026-48291

Affected software: Format Plugins, versions 1.1.2 and earlier. Root cause: Heap-based buffer overflow. Impact: Arbitrary code execution in the context of the current user. Exploit information: Requires user interaction; a victim must open a malicious file. Notes: Details are taken from the CVE en...

CVSS 7.8 | AI score 6.2 | EPSS 0.00271
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2026/06/09 8:38 p.m., 7 views

EUVD-2026-35834

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.2 | EPSS 0.00271
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/09 8:38 p.m., 4 views

CVE-2026-48292 Format Plugins | Heap-based Buffer Overflow (CWE-122)

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 7.8 | EPSS 0.00271
Exploits: 0 | References: 1
CVE
added 2026/06/09 8:38 p.m., 9 views

CVE-2026-48292

Format Plugins versions 1.1.2 and earlier are affected by a heap-based buffer overflow that could allow arbitrary code execution in the current user context. Exploitation requires user interaction (victim must open a malicious file). CVSSv3.1 base score 7.8 (HIGH); attack vector LOCAL, privileges...

CVSS 7.8 | AI score 6.2 | EPSS 0.00271
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/06/09 8:38 p.m., 33 views

CVE-2026-48292 Format Plugins | Heap-based Buffer Overflow (CWE-122)

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | EPSS 0.00271
Exploits: 0 | References: 1
EUVD
added 2026/06/09 7:14 p.m., 6 views

EUVD-2026-35795

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the...

CVSS 6.1 | AI score 5.6 | EPSS 0.0022
Exploits: 0 | References: 3
EUVD
added 2026/06/09 6:30 p.m., 7 views

EUVD-2026-35656

Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...

CVSS 7.8 | AI score 5.4 | EPSS 0.00311
Exploits: 0 | References: 2
EUVD
added 2026/06/09 6:30 p.m., 6 views

EUVD-2026-35655

Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...

CVSS 7.8 | AI score 5.4 | EPSS 0.0024
Exploits: 0 | References: 2
NVD
added 2026/06/09 5:17 p.m., 5 views

CVE-2026-40404

Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...

CVSS 7.8 | EPSS 0.00311
Exploits: 0 | References: 1