Simple DirectMedia Layer SDL2_image do_layer_surface Double-Free Vulnerability
Summary: A double-free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a double-free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. Tested Versions: Simple DirectMedia Lay...
Simple DirectMedia Layer SDL2_image ICO Pitch Handling Code Execution Vulnerability
Summary: An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigg...
CVE-2018-4902
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted P...
CVE-2018-4902
CVE-2018-4902 affects Adobe Acrobat Reader (Windows/macOS) versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier. It is a use-after-free in the rendering engine triggered by a crafted PDF containing a video annotation with embedded JavaScript, leading to ...
CVE-2016-0345
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786...
Design/Logic Flaw
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786...
CVE-2016-0345
IBM TRIRIGA Application Platform 3.3/3.4/3.5 are affected by CVE-2016-0345, which allows remote authenticated users to disclose the installation path through Birt report rendering. Root cause is information disclosure via Birt report rendering paths. Remediations are to upgrade to fixed fix packs...
[SECURITY] Fedora 27 Update: freetype-2.8-8.fc27
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...
Multiple Adobe products rendering engine memory misreference vulnerability
Acrobat DC Continuous Track and others are products of the US company Adobe. Acrobat DC Continuous Track is a continuously updated desktop version of the PDF solution. Reader DC Continuous Track is a continuously updated PDF reading tool. The rendering engine is...
February 13, 2018—KB4074592 (OS Build 15063.909)
February 13, 2018—KB4074592 OS Build 15063.909 Note The release also contains updates for Windows 10 Mobile OS Build 15063.850 released on January 5, 2018. Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key...
The vulnerability of the mozilla::SVGGeometryFrame::GetCanvasTM() function in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows an attacker to trigger a service failure.
The vulnerability of the mozilla::SVGGeometryFrame::GetCanvasTM function in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird arises due to the execution of operations beyond the buffer boundaries when rendering hidden SVG elements. Exploiting this vulnerability can...
Debian: Security Advisory (DLA-1013-1)
The remote host is missing an update for the Debian...
[SECURITY] Fedora 26 Update: webkitgtk4-2.18.6-1.fc26
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
Security update for webkit2gtk3 (important)
This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5: + Disable SharedArrayBuffers from Web API. + Reduce the precision of "high" resolution time to 1ms. + bsc1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown CVE-2017-5753...
openSUSE Security Update : webkit2gtk3 (openSUSE-2018-118) (Meltdown) (Spectre)
This update for webkit2gtk3 fixes the following issues : Update to version 2.18.5 : + Disable SharedArrayBuffers from Web API. + Reduce the precision of 'high' resolution time to 1ms. + bsc1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown CVE-2017-575...
[SECURITY] Fedora 27 Update: webkitgtk4-2.18.6-1.fc27
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
Vulnerability Spotlight: Walt Disney Per-Face Texture Mapping faceInfoSize Code Execution Vulnerability
This vulnerability was discovered by Tyler Bohan of Cisco Talos. Executive Summary Walt Disney PTEX is an open source software application maintained by Walt Disney Animation Studios. It is designed for use in post-production rendering. It allows for the storage of thousands of texture mappings...