| CVE-2026-22693 |
Harfbuzz |
HarfBuzz prior to version 12.3.0 has a null pointer dereference vulnerability in SubtableUnicodesCache::create, where hb_malloc's NULL return is not checked before placement new, causing segmentation fault under memory allocation failure. Patched in 12.3.0. |
JungWoo Park |
link |
| CVE-2025-23339 |
NVIDIA CUDA Toolkit |
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running cuobjdump. |
DongHa Lee |
link |
| CVE-2025-43511 |
Apple WebKit |
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
DongHa Lee |
link |
| CVE-2025-43338 |
Apple ImageIO |
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.2, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. |
DongHa Lee |
link |
| CVE-2025-43401 |
Apple CoreAnimation |
A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A remote attacker may be able to cause a denial-of-service. |
DongHa Lee |
link |
| CVE-2025-43287 |
Apple ImageIO |
ImageIO is a macOS framework for reading and writing image files. A memory-corruption vulnerability allowed a malicious image to corrupt process memory. Apple fixed the issue by improving memory handling. |
DongHa Lee |
link |
| CVE-2025-43372 |
Apple CoreMedia |
CoreMedia is Apple media framework for handling audio and video content. A flaw in CoreMedia allowed a malicious media file to cause app crashes or memory corruption. Apple fixed the issue by improving input validation on iPhone 11 and later and corresponding iPad models. |
DongHa Lee |
link |
| CVE-2025-53015 |
ImageMagick |
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue. |
Shinyoung Won and DongHa Lee |
link |
| CVE-2025-4605 |
USD for Maya |
The USD (Universal Scene Description) plugin for Autodesk Maya has been affected by the vulnerability listed below. Exploitation of this vulnerability can lead to arbitrary code execution. Exploitation of this vulnerability requires user interaction. |
DongHa Lee |
link |