26 matches found
Astra Linux - уязвимость в ntfs-3g
In NTFS-3G versions 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution...
Incorrect Behavior Order: Validate Before Canonicalize
Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended script execution by crafting a request path containing specific multi-byte Unicode characters, which manipulates the...
Incorrect Behavior Order: Validate Before Canonicalize
Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended script execution by crafting a request path containing specific multi-byte Unicode characters, which manipulates the...
CVE-2020-37121
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code...
EUVD-2007-6369
Malware in sbrugna...
EUVD-2015-1300
Malware in sbrugna...
CVE-2025-61582 Ts3 Manager: Unauthenticated Denial of Service possible through specially crafted Unicode input
TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A Denial of Dervice vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability permits an unauthenticated actor to crash the application through the submission of specially crafted Unicode input,...
SUSE CVE-2015-1262
platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text...
ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string
The ntfs3g package is susceptible to a heap overflow on crafted unicode input. When processing NTFS unicode input, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
AZL-6749 CVE-2021-33286 affecting package ntfs-3g for versions less than 2021.8.22-1
In NTFS-3G versions 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution...
CVE-2019-19819
The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content...
DEBIAN-CVE-2018-15120
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted text with invalid Unicode sequences...
UBUNTU-CVE-2015-8790
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access...
CVE-2015-1157
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service reboot and messaging disruption via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in 1 an SMS message or 2 a...
CVE-2015-1157
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service reboot and messaging disruption via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in 1 an SMS message or 2 a...
Code injection
platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text...
UBUNTU-CVE-2015-1262
platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text...
CVE-2014-1261
CVE-2014-1261 concerns a signedness error in CoreText on Apple OS X Mavericks before 10.9.2. The vulnerability allows remoteCode execution or a denial of service via a crafted Unicode font when applications load fonts, per the NVD description. Affected product: OS X Mavericks (and OS X before 10....
CVE-2011-2939
Off-by-one error in the decodexs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service memory corruption via a crafted Unicode string, which triggers a heap-based buffer overflow...
Heap overflow
Off-by-one error in the decodexs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service memory corruption via a crafted Unicode string, which triggers a heap-based buffer overflow...