112 matches found
CVE-2025-71382 MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering
MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...
CVE-2025-71382
MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...
Astra Linux – Vulnerability in c-ares
c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and, if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files contains a NULL...
CVE-2026-44967
OpenTelemetry-cpp OTLP HTTP exporters (traces/metrics/logs) read entire HTTP responses into an unbounded in-memory byte vector before 1.27.0, enabling memory exhaustion if the collector endpoint is attacker-controlled or the connection is MITM. The issue is fixed in opentelemetry-cpp release 1.27...
EUVD-2026-36466
OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...
CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response
OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...
Advisory ROSA-SA-2026-3304
Software: mupdf 1.26.10 Operating System: ROSA-CHROME Unaffected versions: = mupdf-1.26.10-2 Affected versions: mupdf-1.26.10-2 CVE-ID: CVE-2026-25556 BDU-ID: None CVE-Crit: HIGH CVE-DESCRIPTION: A vulnerability related to double-freeing memory exists in MuPDF versions from 1.23.0 to 1.27.0. This...
EUVD-2026-17412
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...
Artifex MuPDF security vulnerability
Artifex MuPDF is a rich-text editor developed by individual developers. Unlike standard text editors, programmers can download free rich-text editors and embed them on their own websites or programs; of course, paid versions offer more powerful features. This makes it convenient for users to edit...
CVE-2026-25556 MuPDF 1.23.0 through 1.27.0 Barcode Decoding Double Free
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the...
PT-2026-6683
Name of the Vulnerable Software and Affected Versions micropython versions prior to 1.27.0 Description A flaw exists in micropython up to version 1.27.0. This issue is related to memory corruption caused by manipulation of the mp_import_all function within the py/runtime.c file. The attack requir...
UBUNTU-CVE-2025-6593
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...
PT-2026-6730
Name of the Vulnerable Software and Affected Versions MuPDF versions 1.23.0 through 1.27.0 Description MuPDF versions 1.23.0 through 1.27.0 have a double-free issue in the fz_fill_pixmap_from_display_list function during display list rendering. This occurs when an exception happens, causing the...
CVE-2025-68148
CVE-2025-68148 affects FreshRSS versions from 1.27.0 to before 1.28.0. An attacker could globally deny access to feeds by manipulating proxy settings to generate a flood of 429 Retry-After responses, effectively making the instance unusable for most users. The vulnerability is addressed...
CVE-2025-65089
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0...
CVE-2025-65089 XWiki view file macro: User can view content of office file without view rights on the attachment
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0...
CVE-2025-65089
CVE-2025-65089 affects XWiki Remote Macros. Prior to version 1.27.0, a user with no view rights on a page could see the content of an office attachment rendered via the view file macro. This is a data leak due to mis-authorization in the macro rendering path. The issue has been patched in version...
EUVD-2021-0126
Malware in sbrugna...
EUVD-2021-0125
Malware in sbrugna...
EUVD-2025-31653
Malicious code in bioql PyPI...