Lucene search

34 matches found

Source Incite
added 2019/04/04 12:0 a.m., 31 views

SRC-2019-0064 : Adobe Photoshop CC Type 2 Font Charstring error Type Confusion Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...

CVSS: 10, AI score: 9.6, EPSS: 0.27473
Exploits: 1
Source Incite
added 2019/02/23 12:0 a.m., 19 views

SRC-2019-0074 : Adobe Acrobat Pro DC Type 2 Charstring put Out-of-Bounds Write Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS: 9.8, AI score: 9.5, EPSS: 0.16163
Exploits: 1
Source Incite
added 2019/02/08 12:0 a.m., 28 views

SRC-2019-0076 : Adobe Acrobat Pro DC Type 2 Charstring put Out-of-Bounds Write Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS: 9.8, AI score: 9.5, EPSS: 0.16163
Exploits: 1
CNVD
added 2018/09/26 12:0 a.m., 2 views

TeX Live Buffer Overflow Vulnerability

TeX Live is a TeX electronic typesetting system developed by the international TeX Users Group (TUG). The system provides a typesetting language, macro definitions and other functions. A buffer overflow vulnerability exists in the 't1checkunusualcharstring' function of the writet1.c file in...

CVSS: 7.8, AI score: 8.2, EPSS: 0.01357
Exploits: 0, References: 1
exploitpack
added 2015/08/21 12:0 a.m., 9 views

Microsoft Windows - ATMFD.dll CharString Stream Out-of-Bounds Reads (MS15-021)

Microsoft Windows - ATMFD.dll CharString Stream Out-of-Bounds Reads MS15-021 Source: https://code.google.com/p/google-security-research/issues/detail?id=382&can=1 We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, suc...

AI score: 0.6
Exploits: 0
GoogleProjectZero
added 2015/08/21 12:0 a.m., 29 views

One font vulnerability to rule them all #4: Windows 8.1 64-bit sandbox escape exploitation

Posted by Mateusz Jurczyk of Google Project Zero This is the final part 4 of the “One font vulnerability to rule them all” blog post series. In the previous posts, we introduced the “blend” PostScript operator vulnerability and successfully used it to first exploit Adobe Reader, and later escape...

CVSS: 9.3, AI score: 7.2, EPSS: 0.23727
Exploits: 0
GoogleProjectZero
added 2015/08/13 12:0 a.m., 22 views

One font vulnerability to rule them all #3: Windows 8.1 32-bit sandbox escape exploitation

Posted by Mateusz Jurczyk of Google Project Zero This is part 3 of the “One font vulnerability to rule them all” blog post series. In the previous posts, we introduced the “blend” PostScript operator vulnerability, discussed the Charstring primitives necessary to fully control the stack contents...

AI score: 8.4
Exploits: 0
RedHat Linux
added 2015/03/17 5:58 p.m., 1 views

freetype: off-by-one buffer over-read in parse_charstrings() / t42_parse_charstrings()

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c...

CVSS: 6.8, AI score: 6, EPSS: 0.01169
Exploits: 1, References: 4
OSV
added 2015/02/08 11:59 a.m., 1 views

DEBIAN-CVE-2014-9659

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this...

CVSS: 7.5, AI score: 8.1, EPSS: 0.02849
Exploits: 2, References: 1
Prion
added 2015/02/08 11:59 a.m., 27 views

Stack overflow

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this...

CVSS: 7.5, AI score: 8.3, EPSS: 0.02849
Exploits: 2, References: 9, Affected Software: 5
Cvelist
added 2015/02/08 11:0 a.m., 32 views

CVE-2014-9659

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this...

AI score: 7.1, EPSS: 0.02849
Exploits: 2, References: 9
Debian CVE
added 2015/02/08 11:0 a.m., 26 views

CVE-2014-9659

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this...

CVSS: 7.5, AI score: 8.1, EPSS: 0.02849
Exploits: 2
OSV
added 2015/02/08 12:0 a.m., 0 views

UBUNTU-CVE-2014-9659

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this...

CVSS: 7.5, AI score: 7.6, EPSS: 0.02849
Exploits: 2, References: 3
exploitpack
added 2012/06/12 12:0 a.m., 10 views

Microsoft Windows OpenType Font - File Format Denial of Service

Microsoft Windows OpenType Font - File Format Denial of Service OpenType font file format remote client-side DoS exploit for Windows By Oleksiuk Dmytro aka Cr4sh http://twitter.com/dolex http://blog.cr4.sh mailto:[email protected] INFO: Zero day vulnerability exists in kernel-mode library ATMFD.DL...

AI score: 7.3
Exploits: 0