git: 8b56cab11908 - main - security/vuxml: Add Mozilla vulnerabilities
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 24 Jul 2025 16:09:22 UTC
The branch main has been updated by fernape:
URL: https://cgit.FreeBSD.org/ports/commit/?id=8b56cab1190826004df366df84e5f440b07b609b
commit 8b56cab1190826004df366df84e5f440b07b609b
Author: Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2025-07-24 14:58:37 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2025-07-24 16:09:03 +0000
security/vuxml: Add Mozilla vulnerabilities
* CVE-2025-8027
* CVE-2025-8028
* CVE-2025-8029
* CVE-2025-8030
* CVE-2025-8031
* CVE-2025-8032
* CVE-2025-8033
* CVE-2025-8034
* CVE-2025-8035
* CVE-2025-8036
* CVE-2025-8037
* CVE-2025-8038
* CVE-2025-8039
* CVE-2025-8040
* CVE-2025-8043
* CVE-2025-8044
---
security/vuxml/vuln/2025.xml | 688 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 688 insertions(+)
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 6f2557e17b27..0277bd44c443 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,691 @@
+ <vuln vid="67c6461f-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1933572%2C1971116">
+ <p>Memory safety bugs present in Firefox 140 and
+ Thunderbird 140. Some of these bugs showed evidence of
+ memory corruption and we presume that with enough effort
+ some of these could have been exploited to run arbitrary
+ code.</p>
+ <p>Focus incorrectly truncated URLs towards the beginning instead of
+ around the origin.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8044</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8044</url>
+ <cvename>CVE-2025-8043</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8043</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="62f1a68f-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- Memory safety bugs</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975058%2C1975058%2C1975998%2C1975998">
+ <p>Memory safety bugs present in Firefox ESR 140.0,
+ Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140.
+ Some of these bugs showed evidence of memory corruption and
+ we presume that with enough effort some of these could have
+ been exploited to run arbitrary code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8040</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8040</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6088905c-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- Persisted search terms in the URL bar</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1970997">
+ <p>In some cases search terms persisted in the URL bar even after
+ navigating away from the search page.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8039</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8039</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5d91def0-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- Ignored paths while checking navigations</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1808979">
+ <p>Thunderbird ignored paths when checking the validity of
+ navigations in a frame.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8038</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8038</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5abc2187-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- cookie shadowing</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1964767">
+ <p>Setting a nameless cookie with an equals sign in the
+ value shadowed other cookies. Even if the nameless cookie
+ was set over HTTP and the shadowed cookie included the
+ `Secure` attribute.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8037</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8037</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="58027367-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- CORS circumvention</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1960834">
+ <p>Thunderbird cached CORS preflight responses across IP
+ address changes. This allowed circumventing CORS with DNS
+ rebinding.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8036</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8036</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="55096bd3-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- Memory safety bugs</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975961%2C1975961%2C1975961">
+ <p>Memory safety bugs present in Firefox ESR 128.12,
+ Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR
+ 140.0, Firefox 140 and Thunderbird 140. Some of these bugs
+ showed evidence of memory corruption and we presume that
+ with enough effort some of these could have been exploited
+ to run arbitrary code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8035</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8035</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4faa01cb-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- Memory safety bugs</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>115.26</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970422%2C1970422%2C1970422%2C1970422">
+ <p>Memory safety bugs present in Firefox ESR 115.25, Firefox
+ ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0,
+ Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some
+ of these bugs showed evidence of memory corruption and we
+ presume that with enough effort some of these could have
+ been exploited to run arbitrary code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8034</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8034</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4d03efe7-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- nullptr dereference</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>115.26</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1973990">
+ <p>The JavaScript engine did not handle closed generators
+ correctly and it was possible to resume them leading to a
+ nullptr deref.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8033</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8033</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4a357f4b-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- XSLT document CSP bypass</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1974407">
+ <p>XSLT document loading did not correctly propagate the
+ source document which bypassed its CSP.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8032</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8032</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="477e9eb3-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- HTTP Basic Authentication credentials leak</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1971719">
+ <p>The `username:password` part was not correctly stripped
+ from URLs in CSP reports potentially leaking HTTP Basic
+ Authentication credentials.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8031</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8031</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="44b3048b-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- Insufficient input escaping</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1968414">
+ <p>Insufficient escaping in the Copy as cURL feature could
+ potentially be used to trick a user into executing
+ unexpected code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8030</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8030</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="419bcf99-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- 'javascript:' URLs execution</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1928021">
+ <p>Thunderbird executed `javascript:` URLs when used in
+ `object` and `embed` tags.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8029</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8029</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3e9406a7-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- Incorrect computation of branch address</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>115.26</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1971581">
+ <p>On arm64, a WASM `br_table` instruction with a lot of
+ entries could lead to the label being too far from the
+ instruction causing truncation and incorrect computation of
+ the branch address.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8028</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8028</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3c234220-685e-11f0-a12d-b42e991fc52e">
+ <topic>Mozilla -- IonMonkey-JIT bad stack write</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>141.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>115.26</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>141.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird-esr</name>
+ <range><lt>140.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>128.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1968423">
+ <p>On 64-bit platforms IonMonkey-JIT only wrote 32 bits of
+ the 64-bit return value space on the stack. Baseline-JIT,
+ however, read the entire 64 bits.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-8027</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8027</url>
+ </references>
+ <dates>
+ <discovery>2025-07-22</discovery>
+ <entry>2025-07-24</entry>
+ </dates>
+ </vuln>
+
<vuln vid="3d4393b2-68a5-11f0-b2b4-589cfc10832a">
<topic>gdk-pixbuf2 -- a heap buffer overflow</topic>
<affects>