CLSA-2026-1777456424 gcc: Fix of CVE-2021-42574

CVE-2021-42574: add -Wbidi-chars warning for Unicode bidirectional text...

CLSA-2026-1777310036 gcc: Fix of CVE-2021-42574

CVE-2021-42574: add -Wbidi-chars warning for Unicode bidirectional text...

MiracleLinux 8 : annobin-9.72-1.el8.2 (AXSA:2022-2958:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2958:01 advisory. Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced ...

EUVD-2016-6114

Malware in sbrugna...

EUVD-2015-5829

Malware in sbrugna...

EUVD-2016-6231

Malware in sbrugna...

EUVD-2011-3858

Malware in sbrugna...

SUSE CVE-2010-3166

Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run...

SUSE CVE-2011-2623

Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service application crash or hang via unknown vectors...

SUSE CVE-2011-3904

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text aka bidi handling...

SUSE CVE-2013-2909

Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings...

SUSE CVE-2014-1723

The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers IRIs, which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left RTL Unicode text...

SUSE CVE-2016-5163

The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right LTR rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left RTL Unicode text, related to...

SUSE CVE-2016-5267

Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set...

CVE-2021-22567

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a progra...

Trojan Source CVE-2021-42572: No Panic Necessary

What is this thing? Researchers at the University of Cambridge and the University of Edinburgh recently published a paper on an attack technique they call “Trojan Source.” The attack targets a weakness in text-encoding standard Unicode—which allows computers to handle text across many different...

CVE-2016-5280

Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 allows remote attackers to execute arbitrary code via bidirectional text...

Buffer overflow

A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

CVE-2019-18397

A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

Use-After-Free

firefox is vulnerable to use-after-free vulnerability. The vulnerability exists in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function and remote attackers can execute arbitrary code via bidirectional text which results in denial-of-service conditions...