CVE-2022-26382

While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox 98...

EUVD-2016-2804

Malware in sbrugna...

EUVD-2014-9484

Malware in sbrugna...

EUVD-2014-9470

Malware in sbrugna...

EUVD-2016-3871

Malware in sbrugna...

EUVD-2014-9472

Malware in sbrugna...

CVE-2014-9662

cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via a crafted OTF font...

CVE-2012-1140

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service invalid heap read operation and memory corruption or possibly execute arbitrary code via a crafted PostScript font object...

CVE-2011-0064

The hbbufferensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly execute arbitrary...

CVE-2010-2808

Buffer overflow in the MacReadPOSTResource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File aka LWFN font...

CVE-2008-1693

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, relate...