Lucene search
K

186 matches found

NVD
NVD
added 2026/07/01 7:16 a.m.12 views

CVE-2025-15666

A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the file code/Common/SceneCombiner.cpp of the component Model File Handler. Such manipulation of the argument width/height lead...

5.3CVSS0.00123EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 5:45 a.m.27 views

CVE-2025-15666

Open Asset Import Library Assimp (up to 5.4.3) contains a heap-based buffer overflow in Assimp::SceneCombiner::Copy (file code/Common/SceneCombiner.cpp) caused by manipulation of the width/height argument. Local attack required; exploit disclosed publicly (CVSS metrics indicate PoC maturity). No ...

5.3CVSS5.9AI score0.00123EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, the gdisurfacebits function processed SURFACEBITSCOMMAND messages sent by the RDP server. When these commands were processed using NSCodec, the bmp.width and bmp.height values provided by the server were not...

9.8CVSS6.1AI score0.00656EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.11 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Qt Declarative vulnerability (USN-8357-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8357-1 advisory. It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt...

8.7CVSS5.6AI score0.00273EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/01 2:46 p.m.19 views

USN-8357-1: Qt Declarative vulnerability

It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt Quick. An attacker could possibly use this issue to cause Qt Declarative to use excessive resources, leading to a denial of service...

8.7CVSS5.8AI score0.00273EPSS
Exploits0
NVD
NVD
added 2026/05/29 8:16 p.m.14 views

CVE-2026-44421

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...

8.8CVSS0.0042EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.13 views

SUSE CVE-2026-46209

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drmgemfbinitwithfuncs drmgemfbinitwithfuncs computes sub-sampled plane dimensions using plain integer division: unsigned int width = modecmd-width / i ? info-hsub : 1;...

7CVSS5.8AI score0.00139EPSS
Exploits0References15
OSV
OSV
added 2026/05/28 10:16 a.m.6 views

UBUNTU-CVE-2026-46209

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drmgemfbinitwithfuncs drmgemfbinitwithfuncs computes sub-sampled plane dimensions using plain integer division: unsigned int width = modecmd-width / i ? info-hsub : 1;...

7.8CVSS5.8AI score0.00139EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.11 views

CVE-2026-46209

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drmgemfbinitwithfuncs drmgemfbinitwithfuncs computes sub-sampled plane dimensions using plain integer division: unsigned int width = modecmd-width / i ? info-hsub : 1;...

7.8CVSS5.8AI score0.00139EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/05/28 9:40 a.m.2 views

CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drmgemfbinitwithfuncs drmgemfbinitwithfuncs computes sub-sampled plane dimensions using plain integer division: unsigned int width = modecmd-width / i ? info-hsub : 1;...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/28 9:40 a.m.37 views

CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drmgemfbinitwithfuncs drmgemfbinitwithfuncs computes sub-sampled plane dimensions using plain integer division: unsigned int width = modecmd-width / i ? info-hsub : 1;...

7.8CVSS0.00139EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/27 5:31 a.m.11 views

EUVD-2026-32093

The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athnthumbnail...

6.4CVSS6AI score0.00198EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.22 views

CVE-2026-8899

The CVE-2026-8899 entry concerns the WordPress Auto Thumbnail plugin (versions up to 1.0). Affected component is the athn_thumbnails() function handling the thumbnails shortcode; width and height attributes are unsafely concatenated into an HTML tag, leading to Stored Cross-Site Scripting. Explo...

6.4CVSS6AI score0.00198EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43500

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the as get coin shortcode function, which renders the 'width' and 'height' shortcode attribute directly into the style...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
OSV
OSV
added 2026/05/26 9:16 p.m.6 views

DEBIAN-CVE-2026-44899

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/26 8:36 p.m.25 views

EUVD-2026-31992

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

4.7CVSS5.8AI score0.00228EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Image directive plugin using regular expressions that only matched prefixes to validate the wid...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/20 4:52 p.m.11 views

CVE-2026-44636

A flaw was found in libsixel. A signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater than zero, with no upper bound. width and height are multiplied as...

7.8CVSS6.2AI score0.00104EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that rely on FreeRDP before version 3.5.1 are vulnerable to out-of-bounds read attacks if nWidth == 0 and nHeight == 0. Version 3.5.1 includes a patch for this issue. There are no known workarounds available...

9.8CVSS7.2AI score0.01193EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 8:17 p.m.14 views

CVE-2026-44636

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

7.8CVSS0.00104EPSS
Exploits0References1
Rows per page
Query Builder