CVE-2025-55780

A null pointer dereference occurs in the function breakwordforoverflowwrap in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fzhtmlsplitflow to split a FLOWWORD node, but does not check if node-next is valid before accessing node-next-overflowwrap, resulti...

CVE-2025-55780

CVE-2025-55780 describes a null pointer dereference in MuPDF 1.26.4 when rendering malformed EPUBs. The crash arises in break_word_for_overflow_wrap() after calling fz_html_split_flow() if node->next is invalid and is dereferenced as node->next->overflow_wrap, potentially allowing an att...

drm/amd/display: Prevent crash when disable stream

...

CVE-2025-0546

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This...

SUSE CVE-2023-53444

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix bulkmove corruption when adding a entry When the resource is the first in the bulkmove range, adding it again thus moving it to the tail will corrupt the list since the first pointer is not moved. This eventually lea...

Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages

Summary We identified a cross-site scripting XSS vulnerability when handling chat message in lobe-chat that can be escalated to remote code execution on the user’s machine. Any party capable of injecting content into chat messages, such as hosting a malicious page for prompt injection, operating ...

CVE-2025-59417

Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a a cross-site scripting XSS vulnerability when handling chat message in lobe-chat that can be escalated to remote code execution on the user’s machine. In lobe-chat, when the response from the...

CVE-2023-53389

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached The MediaTek DisplayPort interface bridge driver starts its interrupts as soon as its probed. However when the interrupts trigger the bridge might not have been...

DEBIAN-CVE-2022-50398

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: add atomiccheck to bridge ops DRM committails will disable downstream crtc/encoder/bridge if both disable crtc is required and crtc-active is set before pushing a new frame downstream. There is a rare case that user...

DEBIAN-CVE-2022-50390

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTMTTFLAGPRIVPOPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN:...

CVE-2023-53389 drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached The MediaTek DisplayPort interface bridge driver starts its interrupts as soon as its probed. However when the interrupts trigger the bridge might not have been...

CVE-2022-50398 drm/msm/dp: add atomic_check to bridge ops

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: add atomiccheck to bridge ops DRM committails will disable downstream crtc/encoder/bridge if both disable crtc is required and crtc-active is set before pushing a new frame downstream. There is a rare case that user...

CVE-2022-50398 drm/msm/dp: add atomic_check to bridge ops

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: add atomiccheck to bridge ops DRM committails will disable downstream crtc/encoder/bridge if both disable crtc is required and crtc-active is set before pushing a new frame downstream. There is a rare case that user...

CVE-2022-50360

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix aux-bus EP lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...

CVE-2022-50360

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix aux-bus EP lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...

UBUNTU-CVE-2022-50368

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork:...

CVE-2022-50369 drm/vkms: Fix null-ptr-deref in vkms_release()

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix null-ptr-deref in vkmsrelease A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms-output.composerworkq in vkmsrelease. KASAN: null-ptr-deref in range 0x0000000000000118-0x000000000000011f CP...

CVE-2022-50360

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix aux-bus EP lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...

CVE-2022-50360 drm/msm/dp: fix aux-bus EP lifetime

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix aux-bus EP lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...

CVE-2025-39807

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add error handling for old state CRTC in atomicdisable Introduce error handling to address an issue where, after a hotplug event, the cursor continues to update. This situation can lead to a kernel panic due to...