12 matches found
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2023-1636)
The remote host is missing an update for the Huawei EulerOS...
Oracle Linux 9 : grub2 (ELSA-2023-12019)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12019 advisory. - Fix CVE-2022-2601 and CVE-2022-3775 Orabug: 34871953 Tenable has extracted the preceding description block directly from the Oracle Linux security...
AlmaLinux 8 : grub2 (ALSA-2023:0049)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0049 advisory. - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value,...
CVE-2022-3775
When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the informed glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption an...
CVE-2022-3775
When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the informed glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption an...
CVE-2022-3775
CVE-2022-3775 affects grub2 font rendering (grub_font_construct_glyph). The issue arises when rendering certain unicode sequences: the code does not adequately validate the glyph width/height against the bitmap, causing an out-of-bounds write to grub2 heap, leading to memory corruption and potent...
CVE-2022-3775
When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the informed glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption an...
CVE-2022-3775
A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this...
UBUNTU-CVE-2016-2052
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc,...
Mozilla Firefox < 3.5.16 Multiple Vulnerabilities
Binary data 801351.prm...
CVE-2009-2514
CVE-2009-2514 is a Win32k.sys remote code execution vulnerability in the embedded OpenType (EOT) font parsing path. The kernel component on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2 parses EOT fonts and can be coerced by a crafted font to execute arbitrary code with kernel privileges. The...
DSA-1178-1 freetype
Bulletin has no description...