21 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-35376
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp function...
CVE-2024-20747 TALOS-2023-1908 - Adobe Acrobat Reader Font CharStrings INDEX out-of-bounds read vulnerability
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...
CVE-2024-20749 TALOS-2023-1910 - Adobe Acrobat Reader Font CharStrings CharStringsOffset out-of-bounds read vulnerability
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...
Adobe Acrobat Reader Font CharStrings INDEX out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2023-1908 Adobe Acrobat Reader Font CharStrings INDEX out-of-bounds read vulnerability February 15, 2024 CVE Number CVE-2024-20747 SUMMARY An out-of-bounds read vulnerability exists in the font file processing functionality of Adobe Acrobat Reader 2023.006.20380. ...
PT-2024-1701 · Adobe · Acrobat Reader +3
Name of the Vulnerable Software and Affected Versions: Adobe Acrobat versions prior to 20.005.30539 Adobe Acrobat Reader versions prior to 20.005.30539 Adobe Acrobat 2020 versions prior to 20.005.30539 Adobe Reader 2020 versions prior to 20.005.30539 Acrobat Reader versions 20.005.30539 and earli...
SUSE CVE-2010-1797
Multiple stack-based buffer overflows in the cffdecoderparsecharstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute...
SUSE CVE-2017-8105
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1decoderparsecharstrings function in psaux/t1decode.c...
Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
FreeType 2 buffer overflow vulnerability (CNVD-2017-06712)
FreeType 2 is designed to be small, efficient, highly customizable, and produce portable high-quality output symbol images. It can be used in a variety of other products such as image libraries, display servers, font conversion tools, image text generation tools, and more. A buffer overflow...
ALPINE-CVE-2017-8105
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1decoderparsecharstrings function in psaux/t1decode.c...
DEBIAN-CVE-2017-8105
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1decoderparsecharstrings function in psaux/t1decode.c...
ALPINE-CVE-2016-10244
The parsecharstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted file...
UBUNTU-CVE-2016-10244
The parsecharstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted file...
Details Available on Patched Adobe, Windows Font Vulnerabilities
A Google Project Zero researcher has publicly disclosed details on a number of patched Adobe and Microsoft vulnerabilities, including one in the Adobe Type Manager Font Driver that could enable takeover of a number of systems supporting modern font engines. Mateusz Jurczyk pointed the finger at h...
[CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch 1. Advisory Information Title: Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch Advisory Id: CORE-2010-08...
Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch
Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch 1. Advisory Information Title: Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch Advisory Id: CORE-2010-0825 Advisory URL: http://www.coresecurity.com/content/Apple-OSX-ATSServer-CharStrings-Sign-Mismatch Date published: 2010-11-08...
DEBIAN-CVE-2010-1797
Multiple stack-based buffer overflows in the cffdecoderparsecharstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute...
CVE-2010-1797
Multiple stack-based buffer overflows in the cffdecoderparsecharstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute...
CVE-2010-1797
Multiple stack-based buffer overflows in the cffdecoderparsecharstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute...