freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

EUVD-2015-6949

Malware in sbrugna...

EUVD-2006-4388

Malware in sbrugna...

EUVD-2015-5721

Malware in sbrugna...

EUVD-2015-3716

Malware in sbrugna...

EUVD-2015-5890

Malware in sbrugna...

EUVD-2015-6940

Malware in sbrugna...

EUVD-2015-6941

Malware in sbrugna...

High-Logic FontCreator 缓冲区错误漏洞

High-Logic FontCreator is a font editor from High-Logic. A security vulnerability exists in High-Logic FontCreator version 15.0.0.3015, which originates from an out-of-bounds read when processing specially crafted font files...

RHEL 7 : freetype (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - FreeType: Buffer overflow in sfntinitface CVE-2022-27404 - The parsecharstrings function in type1/t1load....

Apple macOS Ventura Security Vulnerability

Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.3, which stems from the handling of font files that may lead to arbitrary code execution...

USN-6062-1 freetype vulnerability

It was discovered that FreeType incorrectly handled certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code...

CVE-2022-31630

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...

USN-5528-1 freetype vulnerabilities

It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code...

Apple iTunes 缓冲区错误漏洞

Apple iTunes is a suite of media player applications from Apple, Inc. that are used to play and manage digital music and video files. A buffer error vulnerability exists in versions prior to iTunes 12.11.3, which stems from a boundary condition in the CoreText component when handling specially...

Apple macOS Security Breach

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS that stems from insufficient validation of user-supplied input when processing font files in the FontParser component of macOS. A remote attacker could trick a...

Apple FontParser Buffer Error Vulnerability

Apple FontParser is a font parsing program from Apple Inc. A security vulnerability exists in Apple FontParser that stems from a boundary condition when processing font files within the FontParser component in macOS. A remote attacker can create a specially crafted file, trick a victim into openi...

The vulnerability of the Windows operating system’s font library, allowing a hacker to execute arbitrary code

The vulnerability of the Windows operating system’s font library relates to the improper handling of embedded fonts. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted font file from a remote location...

ALPINE-CVE-2018-6942

An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the InsGETVARIATION function within ttinterp.c could lead to DoS via a crafted font file...

Apple macOS High Sierra CoreText Memory Corruption Vulnerability

Apple macOS High Sierra is a set of Apple's dedicated operating system for Mac computers, and CoreText is one of the text engines that provides control over text formatting and text layout. A security vulnerability exists in the CoreText component of Apple macOS High Sierra versions prior to...