VYPR
Vendor

Kohler

Products
3
CVEs
10
Across products
10
Status
Private

Products

3

Recent CVEs

10
  • CVE-2017-1000421CriJan 2, 2018
    risk 0.64cvss 9.8epss 0.03

    Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution

  • CVE-2020-19752HigSep 7, 2021
    risk 0.49cvss 7.5epss 0.02

    The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.

  • CVE-2026-25156Jan 30, 2026
    risk 0.00cvss epss 0.00

    HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. (The intended behavior was for only…

  • CVE-2026-23878Jan 19, 2026
    risk 0.00cvss epss 0.00

    HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents (PDFs,…

  • CVE-2026-23836Jan 19, 2026
    risk 0.00cvss epss 0.00

    HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2.

  • CVE-2023-46009HigOct 18, 2023
    risk 0.00cvss 7.8epss 0.00

    gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.

  • CVE-2023-44821MedOct 9, 2023
    risk 0.00cvss 5.5epss 0.00

    Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation in…

  • CVE-2023-36193HigJun 23, 2023
    risk 0.00cvss 7.8epss 0.00

    Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c.

  • CVE-2017-18120HigFeb 2, 2018
    risk 0.00cvss 7.8epss 0.02

    A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.

  • CVE-2015-3905Jun 8, 2015
    risk 0.00cvss epss 0.07

    Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.