71 matches found

Tenable Nessus
added 2026/05/11 12:0 a.m., 3 views

Unity Linux 20.1060e / 20.1070e Security Update: transfig (UTSA-2026-017536)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017536 advisory. An issue was discovered in fig2dev before 3.2.8. A NULL pointer dereference exists in the function computeclosedspline located in transspline.c. It allows an attack...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.00108
Exploits: 1 | References: 4

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in fig2dev

A flaw was discovered in fig2dev. This vulnerability allows for availability through local input manipulation using the gengeitpspline function...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00101
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux - vulnerability in fig2dev

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.0007
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in fig2dev

An issue was discovered in fig2dev prior to 3.2.8. A NULL pointer dereferencing exists in the function computeclosedspline located in transspline.c. This allows an attacker to cause a Denial of Service attack. The fixed version of fig2dev is 3.2.8...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00108
Exploits: 1 | References: 2

NVD
added 2026/05/01 4:16 p.m., 5 views

CVE-2026-42481

Open CASCADE Technology OCCT V800rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2dBSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...

CVSS: 5.5 | EPSS: 0.00017
Exploits: 0 | References: 1

EUVD
added 2026/05/01 12:0 a.m., 6 views

EUVD-2026-26678

Open CASCADE Technology OCCT V800rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2dBSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00017
Exploits: 0 | References: 1

Debian CVE
added 2026/05/01 12:0 a.m., 5 views

CVE-2026-42481

Open CASCADE Technology OCCT V800rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2dBSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00017
Exploits: 0

Positive Technologies
added 2026/05/01 12:0 a.m., 6 views

PT-2026-36494

Name of the Vulnerable Software and Affected Versions: Open CASCADE Technology OCCT version V8 0 0 rc5. Description: Multiple issues exist in the IGES and STEP file parsers that can be triggered by crafted files. These include an out-of-bounds read reading data outside the intended boundary of a...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00017
Exploits: 0 | References: 6

RedHat Linux
added 2026/04/20 10:3 a.m., 4 views

fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing

A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00295
Exploits: 0 | References: 5

RedHat Linux
added 2026/04/20 10:3 a.m., 3 views

fontforge: FontForge: Arbitrary code execution via SFD file parsing buffer overflow

A flaw was found in FontForge. A remote attacker could exploit a heap-based buffer overflow vulnerability during SFD file parsing. This issue arises from insufficient validation of user-supplied data length before copying it to a buffer. Successful exploitation requires user interaction, such as...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.00101
Exploits: 0 | References: 5

RedHat Linux
added 2026/04/13 2:27 a.m., 1 view

fontforge: FontForge: Remote Code Execution via malicious SFD file parsing

A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.00113
Exploits: 0 | References: 5

RedHat Linux
added 2026/04/13 2:27 a.m., 2 views

fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing

A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00295
Exploits: 0 | References: 5

RedHat Linux
added 2026/04/06 7:50 a.m., 1 view

fontforge: FontForge: Remote Code Execution via malicious SFD file parsing

A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00113
Exploits: 0 | References: 5

RedHat Linux
added 2026/04/06 6:36 a.m., 2 views

fontforge: FontForge: Remote Code Execution via malicious SFD file parsing

A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00113
Exploits: 0 | References: 5

RedHat Linux
added 2026/04/06 5:23 a.m., 1 view

fontforge: FontForge: Remote Code Execution via malicious SFD file parsing

A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.00113
Exploits: 0 | References: 5

Tenable Nessus
added 2026/03/08 12:0 a.m., 0 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: transfig (UTSA-2026-005916)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005916 advisory. A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function. Tenable has extracted the precedi...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.0007
Exploits: 1 | References: 4

RedHat Linux
added 2026/02/11 5:28 p.m., 3 views

fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing

A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00295
Exploits: 0 | References: 5

RedHat Linux
added 2026/02/09 1:43 a.m., 4 views

fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing

A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00295
Exploits: 0 | References: 5

RedHat Linux
added 2026/02/09 1:43 a.m., 4 views

fontforge: FontForge: Arbitrary code execution via SFD file parsing buffer overflow

A flaw was found in FontForge. A remote attacker could exploit a heap-based buffer overflow vulnerability during SFD file parsing. This issue arises from insufficient validation of user-supplied data length before copying it to a buffer. Successful exploitation requires user interaction, such as...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00101
Exploits: 0 | References: 5

RedHat Linux
added 2026/02/09 1:35 a.m., 6 views

fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing

A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00295
Exploits: 0 | References: 5