52 matches found

AstraLinux
added 6 days ago | 10 views

Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src

An issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. When an SVG file containing an image is rendered, a QTextLayout buffer overflow can occur...

CVSS 7.5 | AI score 7.5 | EPSS 0.01287
Exploits: 0 | References: 2

Snyk
added 2026/04/08 9:50 p.m. | 2 views

Inefficient Algorithmic Complexity

Overview: @chenglou/pretext is a Fast, accurate & comprehensive text measurement & layout. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the isRepeatedSingleCharRun function during text analysis. An attacker can cause significant performance...

CVSS 8.7 | AI score 5.8
Exploits: 0 | References: 2

Fedora
added 2026/01/29 1:11 a.m. | 8 views

[SECURITY] Fedora 42 Update: perl-HarfBuzz-Shaper-0.033-1.fc42

HarfBuzz::Shaper is a Perl module that provides access to a small subset of the native HarfBuzz library. The subset is suitable for typesetting programs that need to deal with complex languages like Devanagari. This module is intended to be used with module L...

CVSS 7.5 | AI score 5.8 | EPSS 0.00424
Exploits: 1

Fedora
added 2026/01/29 12:56 a.m. | 9 views

[SECURITY] Fedora 43 Update: perl-HarfBuzz-Shaper-0.033-2.fc43

HarfBuzz::Shaper is a Perl module that provides access to a small subset of the native HarfBuzz library. The subset is suitable for typesetting programs that need to deal with complex languages like Devanagari. This module is intended to be used with module L...

CVSS 7.5 | AI score 5.8 | EPSS 0.00424
Exploits: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-8179

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.02182
Exploits: 0 | References: 15

Packet Storm News
added 2025/08/03 12:0 a.m. | 3 views

Complete Evasion, Zero Modification: PDF Attacks on AI Text Detection

AI-generated text detectors have become essential tools for maintaining content authenticity, yet their robustness against evasion attacks remains questionable. We present PDFuzz, a novel attack that exploits the discrepancy between visual text layout and extraction order in PDF documents. Our...

AI score 7.1
Exploits: 0

BDU FSTEC
added 2023/07/20 12:0 a.m. | 3 views

The vulnerability of the QTextLayout component of the cross-platform software development framework for Qt, which allows a hacker to trigger a service failure.

The vulnerability of the QTextLayout component of the cross-platform software development framework for Qt is related to the copying of buffers without checking the input data. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially created SVG file...

CVSS 7.8 | AI score 7.1 | EPSS 0.01287
Exploits: 0 | References: 14 | Affected Software: 7

OSV
added 2023/07/01 11:5 a.m. | 2 views

OESA-2023-1387 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established,...

CVSS 7.5 | AI score 7.4 | EPSS 0.01287
Exploits: 0 | References: 3

OSV
added 2023/05/28 11:15 p.m. | 5 views

AZL-26877 CVE-2023-32763 affecting package qt5-qtbase for versions less than 5.12.11-8

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When an SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered...

CVSS 7.5 | AI score 7.2 | EPSS 0.01287
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 4:50 a.m. | 2 views

SUSE CVE-2017-5447

An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

CVSS 9.1 | AI score 6.7 | EPSS 0.17663
Exploits: 4 | References: 10

SUSE CVE
added 2023/02/15 4:7 a.m. | 2 views

SUSE CVE-2019-18397

A buffer overflow in the fribidi_get_par_embedding_levels_ex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

CVSS 7.8 | AI score 8.2 | EPSS 0.02182
Exploits: 0 | References: 7

OSV
added 2022/10/29 12:29 a.m. | 16 views

GHSA-5QXQ-VGMM-Q39M RCE vulnerability in Pimcore/Mail & Dynamic Text Layout

Impact: The user controlled twig templates rendering in Pimcore/Mail & ClassDefinition\Layout\Text is vulnerable to server-side template Injection RCE. Patches: Update to version 10.5.9 or apply this patch manually https://github.com/pimcore/pimcore/pull/13347.patch Workarounds: Apply...

CVSS 9.8 | AI score 9.6 | EPSS 0.01655
Exploits: 0 | References: 6

Github Security Blog
added 2022/10/29 12:29 a.m. | 50 views

RCE vulnerability in Pimcore/Mail & Dynamic Text Layout

Impact: The user controlled twig templates rendering in Pimcore/Mail & ClassDefinition\Layout\Text is vulnerable to server-side template Injection RCE. Patches: Update to version 10.5.9 or apply this patch manually https://github.com/pimcore/pimcore/pull/13347.patch Workarounds: Apply...

CVSS 9.8 | AI score 9.3 | EPSS 0.01655
Exploits: 0 | References: 6 | Affected Software: 1

Amazon
added 2020/06/17 12:0 a.m. | 24 views

Important: fribidi

Issue Overview: A buffer overflow in the fribidi_get_par_embedding_levels_ex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered b...

CVSS 7.8 | AI score 8.6 | EPSS 0.02182
Exploits: 0

Mageia
added 2019/11/14 4:58 p.m. | 35 views

Updated fribidi packages fix security vulnerability

Updated fribidi packages fix security vulnerability: A stack buffer overflow in the fribidi_get_par_embedding_levels_ex function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text conten...

CVSS 7.8 | AI score 4.7 | EPSS 0.02182
Exploits: 0 | References: 2

NVD
added 2019/11/13 2:15 p.m. | 13 views

CVE-2019-18397

A buffer overflow in the fribidi_get_par_embedding_levels_ex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

CVSS 7.8 | AI score 8 | EPSS 0.02182
Exploits: 0 | References: 10

OSV
added 2019/11/13 2:15 p.m. | 20 views

CVE-2019-18397

A buffer overflow in the fribidi_get_par_embedding_levels_ex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

CVSS 7.8 | AI score 8.1 | EPSS 0.02182
Exploits: 0 | References: 10

Prion
added 2019/11/13 2:15 p.m. | 18 views

Buffer overflow

A buffer overflow in the fribidi_get_par_embedding_levels_ex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

CVSS 6.8 | AI score 8.1 | EPSS 0.02182
Exploits: 0 | References: 10 | Affected Software: 2

Cvelist
added 2019/11/13 1:55 p.m. | 16 views

CVE-2019-18397

A buffer overflow in the fribidi_get_par_embedding_levels_ex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

AI score 8.2 | EPSS 0.02182
Exploits: 0 | References: 10

Debian CVE
added 2019/11/13 1:55 p.m. | 21 views

CVE-2019-18397

A buffer overflow in the fribidi_get_par_embedding_levels_ex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

CVSS 7.8 | AI score 8.3 | EPSS 0.02182
Exploits: 0