8849 matches found

Nuclei
added 2 days ago, 32 views

WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting

WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

CVSS 6.1 | AI score 6.6 | EPSS 0.04448
Exploits: 2 | References: 5

Nuclei
added 2 days ago, 30 views

WordPress Admin Font Editor <=1.8 - Cross-Site Scripting

WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

CVSS 6.1 | AI score 6.6 | EPSS 0.03223
Exploits: 2 | References: 5

AstraLinux
added 5 days ago, 4 views

Astra Linux – Vulnerability in xrdp

xrdp is an open-source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounded. Since some of this data is controllable by the user, this can lead to an out-of-bounds read within the xrdp executable. The vulnerability allows for an out-of-bounds read within a...

CVSS 6.5 | AI score 5.9 | EPSS 0.0063
Exploits: 0 | References: 2

AstraLinux
added 5 days ago, 4 views

Astra Linux – Vulnerability in texlive-bin

It was discovered that texlive-bin commit c515e contains a heap buffer overflow vulnerability through the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) by providing a malicious TTF file...

CVSS 8.1 | AI score 7.5 | EPSS 0.00902
Exploits: 0 | References: 2

AstraLinux
added 5 days ago, 5 views

Astra Linux – Vulnerability in Firefox

While the text displayed in Autofill tooltips cannot be directly read by JavaScript, it was rendered using page fonts. Side-channel attacks on the text using specially crafted fonts could have led to this text being interpreted by the webpage. This vulnerability affects Firefox versions earlier...

CVSS 4.3 | AI score 5.6 | EPSS 0.00489
Exploits: 1 | References: 1

RedHat Linux
added last week, 6 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

CVSS 7.8 | AI score 5.6 | EPSS 0.00151
Exploits: 0 | References: 7

RedHat Linux
added last week, 8 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

CVSS 7.8 | AI score 5.7 | EPSS 0.00151
Exploits: 0 | References: 7

RedHat Linux
added last week, 5 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

CVSS 7.8 | AI score 5.6 | EPSS 0.00151
Exploits: 0 | References: 7

RedHat Linux
added last week, 8 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

CVSS 7.8 | AI score 5.8 | EPSS 0.00151
Exploits: 0 | References: 7

Github Security Blog
added 2026/06/16 2:5 p.m., 11 views

pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction

Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. Patches: This has been fixed in pypdf==6.13.0. Workarounds: If you cannot upgrade yet, consider applying the changes from PR 3830...

CVSS 6.9 | AI score 5.2 | EPSS 0.00125
Exploits: 0 | References: 4 | Affected Software: 1

Packet Storm
added 2026/06/15 12:0 a.m., 39 views

FreeType Font Rendering Overflow Test Harness / Crash Detection

This C program is a testing harness built around the FreeType font rendering library to detect potential memory corruption issues such as heap buffer overflows when loading malicious or malformed TrueType font files...

AI score 5.7
Exploits: 0

Packet Storm
added 2026/06/15 12:0 a.m., 44 views

FreeType SHZ 2.14.3 Heap Buffer Overflow

This Python proof of concept framework is designed for security research into a reported heap buffer overflow condition affecting the FreeType TrueType bytecode interpreter. The code constructs specially crafted font structures intended to exercise the SHZ instruction path, generates malformed...

AI score 5.8
Exploits: 0

OSV
added 2026/06/12 12:28 p.m., 7 views

OESA-2026-2681 xorg-x11-server security update

X.Org X11 X server Security Fixes: "Hi all, CVEs have been issued now, please see inline below. On Tue, Jun 02, 2026 at 10:01:46AM +1000, Peter Hutterer wrote:" "X.Org Security Advisory: June 2, 2026. Issues in X.Or..."

CVSS 7.8 | AI score 5.9 | EPSS 0.00158
Exploits: 0 | References: 10

Packet Storm News
added 2026/06/12 12:0 a.m., 4 views

FreeType Automated Font Corpus Scanner

This Python framework implements a structured font-analysis pipeline for large-scale robustness testing of FreeType font parsing behavior...

AI score 5.2
Exploits: 0

Packet Storm News
added 2026/06/12 12:0 a.m., 5 views

FreeType Experimental TrueType Glyph Construction

This Python code outlines an experimental framework for constructing synthetic TrueType font structures intended for studying parser behavior, glyph-processing logic, and edge-case handling within font-rendering pipelines...

AI score 5.3
Exploits: 0

OSSF Malicious Packages
added 2026/06/11 7:38 a.m., 11 views

Malicious code in tailwind-typography-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29345b97ddc8c5fe985d1a69d53db15e4126052929267a584b463e94f43b0bc3 [email protected] impersonates the legitimate @tailwindcss/typography Tailwind CSS plugin confusable name, copied plugin export shape,...

AI score 6
Exploits: 0 | References: 1

Packet Storm News
added 2026/06/11 12:0 a.m., 30 views

Font Generator for Embedded Bitmap and Color Glyph Pipeline Robustness Testing

This Python program constructs a handcrafted TrueType font file that combines multiple font subsystems - including embedded bitmap tables, color glyph definitions, glyph mapping structures, and minimal layout metadata - into a single synthetic test artifact...

AI score 5.3
Exploits: 0

Tenable Nessus
added 2026/06/11 12:0 a.m., 5 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Pillow vulnerabilities (USN-8399-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8399-1 advisory. It was discovered that Pillow incorrectly handled large glyph advance values in fonts. An attacker could possibly use thi...

CVSS 8.6 | AI score 6.1 | EPSS 0.0015
Exploits: 0 | References: 5

Microsoft CVE
added 2026/06/09 8:2 a.m., 9 views

Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch

...

CVSS 7.8 | AI score 5.4 | EPSS 0.00151
Exploits: 0

Zero Day Initiative
added 2026/06/09 12:0 a.m., 8 views

Adobe Acrobat Reader DC Font Handling Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8 | AI score 5.9 | EPSS 0.00285
Exploits: 0 | References: 1