739 matches found
CVE-2014-4483
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted font file in a PDF document...
Apple TV and iOS Font File Handling Buffer Overflow Vulnerability
Apple iOS is the latest operating system for Apple's iPhone and iPod touch devices. Apple TV is Apple's way of allowing photos, videos and music from PCs and iPods to be transmitted wirelessly to a TV in high definition. Apple TV and iOS handle a buffer overflow vulnerability in font files,...
ICU: font parsing OOB read (OpenJDK 2D, 8056276)
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...
FreeType: Arbitrary code execution
Background FreeType is a high-quality and portable font engine. Description A stack-based buffer overflow exists in Freetype’s cf2hintmapbuild function in cff/cf2hints.c. Impact A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition via specially crafted fo...
ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034)
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the Januar...
KLA10011 Multiple vulnerabilities in Microsoft Graphics Component
Multiple serious vulnerabilities have been found in a number of Microsoft products full list below. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities 1. Vectors related to unknown vulnerabilities can...
IrfanView 4.33 Format PlugIn TTF File Parsing Stack Based Overflow
No description provided by source. Application: IrfanView 4.33 Format PlugIn TTF File Parsing Stack Based Overflow Plateform: Windows Exploitation: Remote code execution Secunia Number: SA49319 PRL: 2012-11 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com...
Microsoft Unicode Scripts Processor - Remote Code Execution
No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Final Binary Analysis | | | | || / \ || | | | || ||// \/|/ ''' ''' Title : Microsoft Unicode Scripts Processor Remote Code Execution Version : usp10.dll XP , Vista Analysis :...
CVE-2014-1817
usp10.dll in Uniscribe aka the Unicode Script Processor in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting...
Microsoft Office Remote Code Execution Vulnerabilities (2967487)
This host is missing a critical security update according to Microsoft Bulletin MS14-036. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034)
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the Januar...
CVE-2014-0209
Multiple integer overflows in the 1 FontFileAddEntry and 2 lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffe...
DEBIAN-CVE-2014-2240
Stack-based buffer overflow in the cf2hintmapbuild function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large number of stem hints in a font file...
CVE-2014-2240
Stack-based buffer overflow in the cf2hintmapbuild function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large number of stem hints in a font file...
CVE-2014-2240
Stack-based buffer overflow in the cf2hintmapbuild function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large number of stem hints in a font file...
CVE-2014-2240
FreeType 2.x vulnerable: CVE-2014-2240 is a stack-based buffer overflow in cf2hints.c (cf2_hintmap_build) that can crash or potentially allow arbitrary code execution via crafted OpenType fonts with many stem hints. Affects FreeType versions before 2.5.3 (per initial description). Remediation typ...
CVE-2014-2240
Stack-based buffer overflow in the cf2hintmapbuild function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large number of stem hints in a font file...
CVE-2014-2240
Stack-based buffer overflow in the cf2hintmapbuild function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large number of stem hints in a font file...
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-283)
An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...
ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034)
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the Januar...