147 matches found
OSV-2023-1272 Heap-buffer-overflow in OT::cff2::accelerator_templ_t<CFF::cff2_private_dict_opset_t, CFF::cff2_private_
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64859 Crash type: Heap-buffer-overflow READ 2 Crash state: OT::cff2::acceleratortempltCFF::cff2privatedictopsett, CFF::cff2private hbotdrawglyph hbfontdrawglyph...
(Pwn2Own) HP Color LaserJet Pro M479fdw CFF Font Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of CFF fonts. The issue results from the...
PT-2023-35761 · Git +1 · Ghostscript
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves functions such as pdfi read cff font, pdfi load font buffer, and pdfi load...
K16380: FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659
Security Advisory Description CVE-2014-9656 The ttsbitdecoderloadimage function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a...
SUSE CVE-2010-3311
Integer overflow in base/ftstream.c in libXft aka the X FreeType library in FreeType before 2.4 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Compact Font Format CFF font file that triggers a heap-based buffer overflow,...
SUSE CVE-2016-10328
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cffparserrun function in cff/cffparse.c...
OSV-2022-457 Heap-buffer-overflow in CFF::Charset::collect_glyph_to_sid_map
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47790 Crash type: Heap-buffer-overflow READ 2 Crash state: CFF::Charset::collectglyphtosidmap cffsubsetplan::plansubsetcharset cffsubsetplan::create...
(Pwn2Own) HP LaserJet Pro MFP M283fdw CFF Font Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of HP LaserJet Pro MFP M283fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PostScript interpreter. Crafted data in a CFF font can...
CVE-2021-25065
CVE-2021-25065 affects the Smash Balloon Social Post Feed WordPress plugin prior to version 4.1.1. The vulnerability is an authenticated reflected XSS in the custom-facebook-feed feature on the cff-top admin page. Connected sources specify the issue as a reflected XSS with impact potentially enab...
OSV-2018-143 Global-buffer-overflow in CFF::BlendArg::set_blends
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11714 Crash type: Global-buffer-overflow READ 8 Crash state: CFF::BlendArg::setblends CFF::CFF2CSOpSetCFF2CSOpSetSubrSubset, CFF::SubrSubsetParam, CFF::PathProcsNul CFF2CSOpSetSubrSubset::processop...
OSV-2018-115 Global-buffer-overflow in CFF::BlendArg::set_blends
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11691 Crash type: Global-buffer-overflow READ 8 Crash state: CFF::BlendArg::setblends CFF::CFF2CSOpSet::proc CFF::CSInterpreter::int...
OSV-2020-1559 UNKNOWN WRITE in hb_vector_t<CFF::parsed_cs_op_t>::resize
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24532 Crash type: UNKNOWN WRITE Crash state: hbvectort::resize hbvectort::push CFF::parsedvaluest::addop...
OSV-2020-1555 Global-buffer-overflow in OT::VarData::get_scalars
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24504 Crash type: Global-buffer-overflow WRITE 4 Crash state: OT::VarData::getscalars OT::VariationStore::getscalars CFF::cff2csinterpenvt::processblend...
OSV-2020-1553 UNKNOWN READ in hb_realloc_impl
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24497 Crash type: UNKNOWN READ Crash state: hbreallocimpl hbvectort::alloc hbvectort::resize...
OSV-2020-1551 UNKNOWN WRITE in CFF::parsed_cs_op_t::set_skip
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24507 Crash type: UNKNOWN WRITE Crash state: CFF::parsedcsopt::setskip CFF::parsedcsstrt::addcallop cff1csopsetsubrsubsett::processcallsubr...
OSV-2020-1550 UNKNOWN WRITE in hb_vector_t<CFF::dict_val_t>::resize
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24489 Crash type: UNKNOWN WRITE Crash state: hbvectort::resize hbvectort::push CFF::dictvalt hbvectort::push...
OSV-2020-1549 UNKNOWN WRITE in hb_vector_t<CFF::op_str_t>::resize
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24500 Crash type: UNKNOWN WRITE Crash state: hbvectort::resize hbvectort::push CFF::parsedvaluest::addop...
harfbuzz:hb-subset-fuzzer: Crash in CFF::parsed_cs_op_t::set_skip
Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5668566628827136 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x0000000ffd3...
OSV-2020-1325 Global-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21769 Crash type: Global-buffer-overflow READ 2 Crash state: BEInt::operator unsigned short OT::IntType::operator unsigned int CFF::Charset0::getglyph...
Analyzing Dark Crystal RAT, a C# Backdoor
The FireEye Mandiant Threat Intelligence Team helps protect our customers by tracking cyber attackers and the malware they use. The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C variant of Dark Crystal RAT DCRat that the...