73 matches found
EUVD-2011-3412
Malware in sbrugna...
EUVD-2009-2814
Malware in sbrugna...
EUVD-2010-1828
Malware in sbrugna...
EUVD-2008-4219
Malware in sbrugna...
EUVD-2010-1853
Malware in sbrugna...
USN-7228-1 libreoffice vulnerabilities
Thomas Rinsma discovered that LibreOffice incorrectly handled paths when processing embedded font files. If a user or automated system were tricked into opening a specially crafted LibreOffice file, a remote attacker could possibly use this issue to create arbitrary files ending with ".ttf"...
CVE-2024-12425
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font...
CVE-2024-12425
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font...
Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2023-1905 Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability February 15, 2024 CVE Number CVE-2024-20735 SUMMARY An out-of-bounds read vulnerability exists in the font file processing functionality of Adobe Acrobat Reader 2023.006.2038...
Microsoft DirectWrite AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table
Microsoft DirectWrite AFDKO - Multiple Bugs in OpenType Font Handling Related to the post Table -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
ttembed integer overflow vulnerability
ttembed is an embedded font program. A security vulnerability exists in the handling of input files in ttembed, which stems from the program failing to detect file boundaries. An attacker can exploit this vulnerability to corrupt an input file...
ttembed denial of service vulnerability
ttembed is an embedded font program. An input validation vulnerability exists in ttembed. An attacker could exploit this vulnerability to cause a denial of service with a specially crafted input file...
Microsoft Embedded OpenType Font Engine Information Disclosure Vulnerability
Microsoft Windows 7 and Windows Server 2008 are both products of Microsoft Corporation. The former is an operating system for personal computers and the latter is a server operating system.Windows Embedded OpenType EOT font engine is one of the font engines. An information disclosure vulnerabilit...
CVE-2016-3396
Graphics Device Interface aka GDI or GDI+ in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync...
CVE-2016-3304
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute...
CVE-2016-3303
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute...
CVE-2016-3301
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync...
Code injection
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync...
CVE-2016-3303
CVE-2016-3303 affects the Windows font library in Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010/Attendee, and Live Meeting 2007 Console. Root cause:** improper handling of construct...
CVE-2016-3303
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute...