{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0241", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-01-06T14:49:09.192Z", "datePublished": "2025-01-07T16:07:06.824Z", "dateUpdated": "2026-04-13T14:30:08.648Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.6", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "134", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.6", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "134", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6."}]}], "title": "Memory corruption when using JavaScript Text Segmentation", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1933023"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/"}], "credits": [{"lang": "en", "value": "Nils Bars"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:08.648Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-401", "lang": "en", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-08T17:27:29.787356Z", "id": "CVE-2025-0241", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-30T21:31:19.824Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:33:42.156Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:33:42.156Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-0241", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-08T17:27:29.787356Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-08T17:32:30.404Z"}}], "cna": {"title": "Memory corruption when using JavaScript Text Segmentation", "credits": [{"lang": "en", "value": "Nils Bars"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "128.6", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "134", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.6", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "134", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1933023"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/"}], "descriptions": [{"lang": "en", "value": "When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "supportingMedia": [{"type": "text/html", "value": "When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:08.648Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0241", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:30:08.648Z", "dateReserved": "2025-01-06T14:49:09.192Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-01-07T16:07:06.824Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "AEBB7F43-496D-4A67-8E9E-EEE29913B6DE", "versionEndExcluding": "128.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FDCA935-A68D-404E-A749-CA3845C709F0", "versionEndExcluding": "134.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "C92D62DE-A681-4B9D-9640-D12D04392A1B", "versionEndExcluding": "128.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "A633E231-80F8-4A92-BA69-B9BE5BE45D00", "versionEndExcluding": "134.0", "versionStartIncluding": "129.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6."}, {"lang": "es", "value": "Al segmentar texto especialmente manipulado, la segmentaci\u00f3n corromp\u00eda la memoria y provocaba un bloqueo que pod\u00eda explotarse. Esta vulnerabilidad afecta a Firefox < 134 y Firefox ESR < 128.6."}], "id": "CVE-2025-0241", "lastModified": "2026-04-13T15:16:32.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-07T16:15:38.767", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1933023"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:0132", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.6.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0144", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.6.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0281", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.6.0-3.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0133", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.6.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0286", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.6.0-3.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0134", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0287", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.6.0-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0134", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:128.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0287", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:128.6.0-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0134", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:128.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0287", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:128.6.0-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0136", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.6.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0275", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.6.0-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0136", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.6.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0275", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.6.0-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0136", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.6.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0275", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.6.0-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0137", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:128.6.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0284", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:128.6.0-3.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0080", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.6.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0147", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.6.0-3.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0162", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.6.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0165", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.6.0-3.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0138", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:128.6.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0167", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:128.6.0-3.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0135", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.6.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0166", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.6.0-3.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}], "bugzilla": {"description": "firefox: Memory corruption when using JavaScript Text Segmentation", "id": "2336168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336168"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash."], "name": "CVE-2025-0241", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox:flatpak/firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird:flatpak/thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-07T16:07:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-0241\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0241\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1933023\nhttps://www.mozilla.org/security/advisories/mfsa2025-01/\nhttps://www.mozilla.org/security/advisories/mfsa2025-02/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-21T22:31:16.026238+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version 134 or ESR 128.6, and upgrade Thunderbird to version 134 or ESR 128.6.", "In environments where an upgrade is delayed, enforce script execution restrictions or disable the JavaScript text segmentation feature if the application provides such configuration control, and monitor user activity for anomalous crashes.", "Apply OS and dependency patches from the vendor or distribution to ensure all related libraries are up to date, reducing the window for exploitation.", "For custom or third\u2011party modules that process text in JavaScript, audit the code for bounds checking and use\u2011after\u2011free, and refactor to use safe string handling practices (CWE-119, CWE-401 mitigation)."], "summary": {"action": "Immediate Patch", "impact": "Crash via memory corruption"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox and Mozilla Thunderbird are affected, including all builds prior to Firefox 134 (and ESR 128.6) and Thunderbird 134 (and ESR 128.6). These versions run on various Linux distributions, including Red Hat Enterprise Linux derivatives as noted by the associated CPEs.", "description_and_impact": "The vulnerability is triggered when JavaScript processes specially crafted text during segmentation, causing memory corruption that may result in a crash, potentially exploitable. The flaw is a classic buffer overread/write (CWE-119) that can lead to a use-after-free condition (CWE-401).", "risk_and_exploitability": "The CVSS score of 7.7 indicates high severity while the EPSS score of less than 1% suggests a low probability of exploitation in the short term. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through malicious or maliciously crafted web content or local files that trigger the vulnerable text segmentation routine; the exact vector is inferred from the description of memory corruption during text processing."}}}}, "created": "2026-04-21T22:45:16.067247+00:00", "updated": "2026-04-21T22:45:16.067263+00:00", "vendors": []}