25 matches found
CVE-2026-4546
CVE-2026-4546 affects Flos Freeware Notepad2 4.2.25, where a weakness in the TextShaping.dll library leads to an uncontrolled search path. The issue is exploitable only via local access with high attack complexity and low privileges required, potentially impacting confidentiality, integrity, and ...
PT-2026-27008
Name of the Vulnerable Software and Affected Versions Flos Freeware Notepad2 version 4.2.25 Description A weakness exists in Flos Freeware Notepad2 4.2.25, impacting an unknown function within the TextShaping.dll library. Exploitation involves a manipulation that can lead to an uncontrolled searc...
CVE-2026-22693
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construct an object at t...
CVE-2023-53959 FileZilla Client 3.63.1 DLL Hijacking via Missing TextShaping.dll
FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code...
CVE-2023-53959
FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code...
CVE-2024-56732
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function...
PT-2025-5990 · Tally · Tally Prime Edit Log
Name of the Vulnerable Software and Affected Versions: Tally Prime Edit Log version 2.1 Description: A DLL hijacking issue was discovered in the TextShaping.dll component, allowing attackers to execute arbitrary code through a manipulated DLL. This issue enables the execution of arbitrary code vi...
CVE-2024-56732
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function...
CVE-2024-56732
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function...
CVE-2024-56732 HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hbcairoglyphsfrombuffer function...
HarfBuzz: Denial of Service
Background HarfBuzz is an OpenType text shaping engine. Description Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details. Impact hb-ot-layout-gsubgpos.hh in HarfBuzz allows attackers to trigger On^2 growth via consecutive marks...
CVE-2022-44939
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL...
CVE-2021-40465
Windows Text Shaping Remote Code Execution Vulnerability...
CVE-2021-40465
Windows Text Shaping Remote Code Execution Vulnerability...
Remote code execution
Windows Text Shaping Remote Code Execution Vulnerability...
CVE-2021-40465
CVE-2021-40465, Windows Text Shaping Remote Code Execution Vulnerability, is documented with CVSS 3.1 base score 7.8 (HIGH) and CVSS2 base 6.8 (MEDIUM) by NVD/Microsoft, indicating LOCAL exploitability with LOW attack complexity and user interaction required. The available sources in the provided...
CVE-2021-40465 Windows Text Shaping Remote Code Execution Vulnerability
...
Windows Text Shaping Remote Code Execution Vulnerability
...
KLA12309 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service. Below is a...
Microsoft Windows 代码注入漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Windows Text Shaping. The following products and editions are affected: Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 19...