6 matches found

Packet Storm
added 2025/02/26 12:0 a.m., 228 views

Adobe Reader CoolType Out-Of-Bounds Read

The Type1/CFF CharString interpreter code in the Adobe Reader CoolType.dll font library does not check if the input stream pointer has not gone beyond the end of the source buffer, which stores the state machine instructions.

CVSS 10, AI score 7, EPSS 0.03356
Exploits: 2
F5 Networks
added 2023/02/21 6:9 p.m., 27 views

K16380: FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659

Security Advisory Description. CVE-2014-9656: The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a...

CVSS 7.5, AI score 8.1, EPSS 0.02849
Exploits: 3, Affected Software: 1
Exploit DB
added 2019/07/10 12:0 a.m., 207 views

Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW

Background: AFDKO (Adobe Font Development Kit for OpenType) is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...

AI score 7.4
Exploits: 0
GoogleProjectZero
added 2015/08/13 12:0 a.m., 22 views

One font vulnerability to rule them all #3: Windows 8.1 32-bit sandbox escape exploitation

Posted by Mateusz Jurczyk of Google Project Zero. This is part 3 of the “One font vulnerability to rule them all” blog post series. In the previous posts, we introduced the “blend” PostScript operator vulnerability, discussed the Charstring primitives necessary to fully control the stack contents...

AI score 8.4
Exploits: 0
Prion
added 2015/02/08 11:59 a.m., 26 views

Stack overflow

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this...

CVSS 7.5, AI score 8.3, EPSS 0.02849
Exploits: 2, References: 9, Affected Software: 5
OSV
added 2015/02/08 12:0 a.m., 0 views

UBUNTU-CVE-2014-9659

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this...

CVSS 7.5, AI score 7.6, EPSS 0.02849
Exploits: 2, References: 3