739 matches found
CVE-2023-27650
An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONTFILE parameter...
APUS Launcher 安全漏洞
APUS Launcher is an application from Kirin Hesheng Technology APUS, a company based in Beijing, China. Automatically sorts your apps by category on the home screen to quickly and easily find the apps you want. A security vulnerability exists in APUS Launcher versions v.3.10.73 and v.3.10.88, whic...
PT-2023-21284 · Apus · Apus Group Launcher
Name of the Vulnerable Software and Affected Versions: APUS Group Launcher versions 3.10.73 through 3.10.88 Description: An issue in the APUS Group Launcher allows a remote attacker to execute arbitrary code via the FONT FILE parameter. Recommendations: For versions 3.10.73 and 3.10.88, consider...
SUSE CVE-2006-1861
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via attack vectors related to 1 bdf/bdflib.c, 2 sfnt/ttcmap.c, 3 cff/cffgload.c, and 4 the readlwfn function and a crafted LWFN file in base/ftmac.c. NOT...
SUSE CVE-2007-1352
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow...
SUSE CVE-2010-0827
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted virtual font VF file associated with a DVI file...
SUSE CVE-2010-2498
The pshglyphfindstrongpoints function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service heap memory corruption and application crash or possibly execute arbitrary code via a crafted font file that...
SUSE CVE-2010-2519
Heap-based buffer overflow in the MacReadPOSTResource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file...
SUSE CVE-2010-2527
Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted font file...
SUSE CVE-2010-2808
Buffer overflow in the MacReadPOSTResource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File aka LWFN font...
SUSE CVE-2013-6462
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a long string in a character name in a BDF font file...
SUSE CVE-2015-3905
Buffer overflow in the setcsstart function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted font file...
SUSE CVE-2017-11576
FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict parsettf.c resulting in DoS via a crafted otf file...
grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention...
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...
PHP 8.1.x < 8.1.12 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.1.12. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.12 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allow...
Create Block Theme < 1.2.2 - Unauthenticated Arbitrary File Upload
The plugin does not have authorisation and CSRF checks, as well as does not validate the file to be uploaded, which could allow unauthenticated attackers to upload arbitrary files to the server As unauthenticated user, open The file will be uploaded at...
Horner Automation Cscape 缓冲区错误漏洞
Horner Automation Cscape is a suite of programming software for industrial control system development from Horner Automation. A buffer error vulnerability exists in Horner Automation Cscape 9.90 SP 7 and prior versions, which arises from failure to properly validate user-supplied data. If a user...
Horner Automation Cscape 缓冲区错误漏洞
Horner Automation Cscape is a suite of programming software for industrial control system development from Horner Automation. A buffer error vulnerability exists in Horner Automation Cscape 9.90 SP 7 and prior versions, which arises from failure to properly validate user-supplied data, and allows...