132 matches found
CVE-2024-26798
CVE-2024-26798 : Linux kernel fbcon font restore regression fix. The commit a5a923038d70 initially restored old font data on vc_resize() failure but only for user fonts; system/internal fonts were left unreverted, causing a subsequent fbcon_do_set_font() to fail restoration and potentially crash ...
CVE-2024-26798 fbcon: always restore the old font data in fbcon_do_set_font()
In the Linux kernel, the following vulnerability has been resolved: fbcon: always restore the old font data in fbcondosetfont Commit a5a923038d70 fbdev: fbcon: Properly revert changes when vcresize failed started restoring old font data upon failure of vcresize. But it performs so only for user...
Two Qt security advisorys: GDI Font Engine & WebP image format
An issue on Windows with the GDI font engine has been reported and has been assigned the CVE id CVE-2023-43114. When corrupt font data is passed to the GDI font engine via QFontDatabase::addApplicationFontFromData then it can trigger a crash in the application. Solution: As a workaround, validate...
SUSE CVE-2006-3740
Integer overflow in the scancidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted 1 CMap and 2 CIDFont font data with modified item counts in the a begincodespacerange, b cidrange, and c notdefrange sections...
SUSE CVE-2010-4054
The gstype2interpret function in Ghostscript allows remote attackers to cause a denial of service incorrect pointer dereference and application crash via crafted font data in a compressed data stream, aka bug 691043...
SUSE CVE-2012-1127
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service invalid heap read operation and memory corruption or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font...
SUSE CVE-2012-1130
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service invalid heap read operation and memory corruption or possibly execute arbitrary code via crafted property data in a PCF font...
SUSE CVE-2015-6781
Integer overflow in the FontData::Bound function in data/fontdata.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted offset or length value within font data in an SFNT...
SUSE CVE-2016-3443
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue...
The vulnerability of the Adobe InCopy text creation and editing software lies in the reading of data outside the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Adobe InCopy text creation and editing software relates to reading data outside the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially created data in the font...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to writing beyond the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially created data in the font format...
UBUNTU-CVE-2018-6358
The printDefineFont2 function util/listfdb.c in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file...
CVE-2017-16362
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugi...
Out-of-bounds
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugi...
CVE-2017-16362
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugi...
CVE-2017-16362
Technical details about CVE-2017-16362 are not provided in the supplied documents. Public information appears limited to vulnerability description and CVSS metrics; monitor for updates from official advisories for affected products, impact, and fixes.
Memory corruption
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code...
JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue...
CVE-2017-3041
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution...
CVE-2017-3041
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution...