Kohler
Products (3)
- 6 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs (10)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000421 | | Cri | 0.64 | 9.8 | 0.03 | | Jan 2, 2018 | Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function, resulting in potential code execution. |
| CVE-2020-19752 | | Hig | 0.49 | 7.5 | 0.02 | | Sep 7, 2021 | The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. |
| CVE-2026-25156 | | | 0.00 | — | 0.00 | | Jan 30, 2026 | HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. (The intended behavior was for only… |
| CVE-2026-23878 | | | 0.00 | — | 0.00 | | Jan 19, 2026 | HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents (PDFs,… |
| CVE-2026-23836 | | | 0.00 | — | 0.00 | | Jan 19, 2026 | HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2. |
| CVE-2023-46009 | | Hig | 0.00 | 7.8 | 0.00 | | Oct 18, 2023 | gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c. |
| CVE-2023-44821 | | Med | 0.00 | 5.5 | 0.00 | | Oct 9, 2023 | Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation in… |
| CVE-2023-36193 | | Hig | 0.00 | 7.8 | 0.00 | | Jun 23, 2023 | Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c. |
| CVE-2017-18120 | | Hig | 0.00 | 7.8 | 0.02 | | Feb 2, 2018 | A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421. |
| CVE-2015-3905 | | | 0.00 | — | 0.07 | | Jun 8, 2015 | Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. |