Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/05/15 4:4 p.m.13 views

CVE-2026-42308

A flaw was found in Pillow, a Python imaging library. If a font advances for each glyph by an exceeding large amount, an integer overflow can occur when Pillow tracks the current position. This could lead to a denial of service DoS condition, making the application unavailable. Mitigation To...

6.2CVSS5.8AI score0.00114EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/02 6:2 a.m.1 views

CVE-2026-5315

A flaw was found in Nothings stb. A remote attacker could exploit a vulnerability in the stbttbufget8 function of the stbtruetype.h library by manipulating input. This could lead to an out-of-bounds read, potentially causing a denial of service DoS for affected systems. Mitigation To mitigate thi...

6.5CVSS5.9AI score0.00506EPSS
Exploits1References7
Snyk
Snyk
added 2026/04/01 10:15 p.m.3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the stbttInitFontinternal function. An attacker can cause the affected component to become unavailable by supplying a specially crafted TrueType font file that triggers an out-of-bounds read. Workaround This...

8.8CVSS5.9AI score0.00664EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/01/09 12:0 a.m.4 views

PT-2024-13215

Name of the Vulnerable Software and Affected Versions fontTools versions 4.28.2 through 4.42.1 Description The subsetting module in fontTools has a XML External Entity Injection XXE vulnerability, allowing an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts containing a S...

7.5CVSS8AI score0.01238EPSS
Exploits1References38
Rows per page
Query Builder