500 matches found
CVE-2026-55999
Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks...
EUVD-2026-42211
A heap bufferflow in pcfReadFont due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server...
CVE-2026-56002 libXfont2 PCF Font Parsing Heap Buffer Overflow
A heap bufferflow in pcfReadFont due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server...
CVE-2026-56002
A heap bufferflow in pcfReadFont due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server...
CVE-2026-56002
The CVE-2026-56002 entry describes a heap buffer overflow in libXfont2’s PCF font parsing (pcfReadFont) due to missing glyph bounds checking, affecting libXfont2 before 2.0.8. An authenticated X client could potentially execute code in the X server. The provided metrics indicate a HIGH severity (...
CVE-2026-55999
Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks...
CVE-2026-54059
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: In the bitPutcs function, the bound-check glyph index was derived from the character value masked by 0xff or 0x1ff. This may lead to reading beyond the end of the built-in font array, exceeding the actual number o...
📄 FreeType SHZ 2.14.3 Heap Buffer Overflow
This Python proof of concept framework is designed for security research into a reported heap buffer overflow condition affecting the FreeType TrueType bytecode interpreter. The code constructs specially crafted font structures intended to exercise the SHZ instruction path, generates malformed...
FreeType Experimental TrueType Glyph Construction
This Python code outlines an experimental framework for constructing synthetic TrueType font structures intended for studying parser behavior, glyph-processing logic, and edge-case handling within font-rendering pipelines...
Font Generator for Embedded Bitmap and Color Glyph Pipeline Robustness Testing
This Python program constructs a handcrafted TrueType font file that combines multiple font subsystems - including embedded bitmap tables, color glyph definitions, glyph mapping structures, and minimal layout metadata - into a single synthetic test artifact...
ROS-20260611-73-0014
The vulnerability of the GlyphAlloc function in the RDP client of FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
Astra Linux – Vulnerability in xrdp
XRDPTRP is an open-source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounded. Since some of this data is controllable by the user, this can lead to an out-of-bounds read within the xrdp executable. The vulnerability allows for an out-of-bounds read within a...
Astra Linux – Vulnerability in xorg-server
A use-after-free vulnerability was discovered in the ProcRenderAddGlyphs function of Xorg servers. This issue arises when the AllocateGlyph function is called to store new glyphs sent by the client to the X server. As a result, multiple entries may point to the same non-refcounted glyphs...
SUSE CVE-2026-42308
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...
freerdp security update
2:2.11.7-9 - Lock appWindow to fix use-after-free in RAIL mode CVE-2026-25952 Resolves: RHEL-159850 2:2.11.7-8 - Fix double free in xfrailwindowcommon cleanup CVE-2026-26986 - Fix growth of preallocated buffers CVE-2026-27951 - Fix heap-buffer-overflow in bitmapcacheput CVE-2026-29775 - Add DSP...
Oracle Linux 10 : freerdp (ELSA-2026-16014)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-16014 advisory. - Fix double free in xfrailwindowcommon cleanup CVE-2026-26986 - Fix clipboard use-after-free during auto-reconnect CVE-2026-25997 - Fix...
CVE-2026-42308
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...
UBUNTU-CVE-2026-42308
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...
CVE-2026-42308 Pillow: Integer overflow when processing fonts
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...