265 matches found
Microsoft Windows - USP10!SubstituteNtoM Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - USP10!SubstituteNtoM Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1200 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!SubstituteNtoM function, while trying to display...
Microsoft Windows - USP10!ttoGetTableData Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - USP10!ttoGetTableData Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1199 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!ttoGetTableData function, while trying to displ...
Microsoft Windows - USP10!otlValueRecord::adjustPos Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - USP10!otlValueRecord::adjustPos Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1204 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlValueRecord::adjustPos function,...
Microsoft Windows - USP10!MergeLigRecords Uniscribe Font Processing Heap Memory Corruption
Microsoft Windows - USP10!MergeLigRecords Uniscribe Font Processing Heap Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1198 We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by USP10!MergeLigRecords, while...
Microsoft Windows - USP10!otlSinglePosLookup::getCoverageTable Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - USP10!otlSinglePosLookup::getCoverageTable Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1203 We have encountered a crash in the Windows Uniscribe user-mode library, in the...
Microsoft Windows - USP10!otlReverseChainingLookup::apply Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - USP10!otlReverseChainingLookup::apply Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1205 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlReverseChainingLookup::apply...
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around USP10!BuildFSM (MS
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1029 We have encountered a number of crashes in the Windows Uniscribe user-mode library, while trying to display text using a corrupted font file. While crashes in this specific...
Microsoft Windows - USP10!otlList::insertAt Uniscribe Font Processing Heap-Based Buffer Overflow (MS
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1022 We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by USP10!otlList::insertAt, while trying to display text using a corrupt...
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1023 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!AssignGlyphTypes function, while trying to display text using a corrupted font file: --- 58d0.5ae4: Access violation - code c0000005 first...
Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1031 Through fuzzing, we have discovered a number of different crashes in the Windows Uniscribe user-mode library, while trying to display text using a corrupted font file or calling documented Uniscribe API functions against such...
Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1019 We have encountered a crash in the Windows Uniscribe user-mode library, in the usp10!otlChainRuleSetTable::rule function, while trying to display text using a corrupted TTF font file: --- 4464.11b4: Access violation - code...
Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1022 We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by USP10!otlList::insertAt, while trying to display text using a corrupted font file: --- 4b44.24a8: Access violation - cod...
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1029 We have encountered a number of crashes in the Windows Uniscribe user-mode library, while trying to display text using a corrupted font file. While crashes in this specific family take various shapes and forms, they all occur ...
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in USP10!MergeLigRecords (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in USP10!MergeLigRecords MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1026&desc=2 We have encountered a crash in the Windows Uniscribe user-mode library, in the memcpy function called by...
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around USP10!BuildFSM (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around USP10!BuildFSM MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1029 We have encountered a number of crashes in the Windows Uniscribe user-mode library, while trying to display text using a...
Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011)
Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1019 We have encountered a crash in the Windows Uniscribe user-mode library, in the usp10!otlChainRuleSetTable::rule...
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds ReadWrite in USP10!AssignGlyphTypes (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds ReadWrite in USP10!AssignGlyphTypes MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1023 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!AssignGlyphTypes function, whil...
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in USP10!otlCacheManager::GlyphsSubstituted (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in USP10!otlCacheManager::GlyphsSubstituted MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1025 We have encountered a crash in the Windows Uniscribe user-mode library, in the memset function called by...
Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1031 Through fuzzing, we have discovered a number of different crashes in the Windows Uniscribe user-mode library, while trying to...
Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in USP10!ttoGetTableData (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in USP10!ttoGetTableData MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1027 We have encountered a crash in the Windows Uniscribe user-mode library, in an unnamed function called by USP10!ttoGetTableDat...