CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2025-46420 – Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c
https://notcve.org/view.php?id=CVE-2025-46420
24 Apr 2025 — A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing conten. Fixed integer overflow in append_param_quoted. • https://access.redhat.com/security/cve/CVE-2025-46420 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46400 – Xfig: fig2dev segmentation fault in read_arcobject
https://notcve.org/view.php?id=CVE-2025-46400
23 Apr 2025 — Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function. In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. These are all security issues fixed in the transfig-3.2.9a-3.1 package on the GA media of openSUSE Tumbleweed. • https://sourceforge.net/p/mcj/tickets/187 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46399 – Xfig: transfig: fig2dev segmentation fault vulnerability
https://notcve.org/view.php?id=CVE-2025-46399
23 Apr 2025 — Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via genge_itp_spline function. A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function. Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. These are all security issues fixed in the transfig-3.2.9a-3.1 package on the GA media of openSUSE Tumbleweed. • https://sourceforge.net/p/mcj/tickets/190 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46398 – Xfig: fig2dev stack-overflow via read_objects
https://notcve.org/view.php?id=CVE-2025-46398
23 Apr 2025 — Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function. In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. These are all security issues fixed in the transfig-3.2.9a-3.1 package on the GA media of openSUSE Tumbleweed. • https://sourceforge.net/p/mcj/tickets/191 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46397 – Xfig: fig2dev stack-overflow
https://notcve.org/view.php?id=CVE-2025-46397
23 Apr 2025 — Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via bezier_spline function. In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function. Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. These are all security issues fixed in the transfig-3.2.9a-3.1 package on the GA media of openSUSE Tumbleweed. • https://sourceforge.net/p/mcj/tickets/192 • CWE-121: Stack-based Buffer Overflow •
CVSS: 2.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26819
https://notcve.org/view.php?id=CVE-2023-26819
19 Apr 2025 — cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}. cJSON 1.7.15 podría permitir una denegación de servicio a través de un documento JSON manipulado como {"a": true, "b": [ null,99999999999999999999999999999999999999999999912345678901234567]}. • https://github.com/boofish/json_bugs/tree/main/cjson • CWE-440: Expected Behavior Violation •
CVSS: 9.0EPSS: 0%CPEs: 29EXPL: 0CVE-2025-32911 – Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value
https://notcve.org/view.php?id=CVE-2025-32911
15 Apr 2025 — A flaw was found in libsoup, which is vulnerable to a use-after-free memory issue not on the heap in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server. A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server. This update for libsoup fixes the following is... • https://access.redhat.com/security/cve/CVE-2025-32911 • CWE-590: Free of Memory not on the Heap •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-3523 – thunderbird: User Interface (UI) Misrepresentation of attachment URL
https://notcve.org/view.php?id=CVE-2025-3523
15 Apr 2025 — When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from untrusted sources. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2. This update for MozillaThunderbird fixes the following issues. Mozilla Thunderbird 128.9.2 Leak of hashed Window credentia... • https://bugzilla.mozilla.org/show_bug.cgi?id=1958385 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2025-2830 – thunderbird: Information Disclosure of /tmp directory listing
https://notcve.org/view.php?id=CVE-2025-2830
15 Apr 2025 — By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2. An update for thunderbird... • https://bugzilla.mozilla.org/show_bug.cgi?id=1956379 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2025-3522 – thunderbird: Leak of hashed Window credentials via crafted attachment URL
https://notcve.org/view.php?id=CVE-2025-3522
15 Apr 2025 — Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vuln... • https://bugzilla.mozilla.org/show_bug.cgi?id=1955372 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') CWE-1220: Insufficient Granularity of Access Control •