EUVD-2026-26000

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...

CVE-2026-33812 Excessive memory allocation when decoding malicious SFNT in golang.org/x/image

Parsing a malicious font file can cause excessive memory allocation...

[SECURITY] Fedora 42 Update: fonttools-4.61.0-1.fc42

fontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, that can convert TrueType and OpenType fonts to and fr om an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats...

EUVD-2014-9478

Malware in sbrugna...

EUVD-2017-12082

Malware in sbrugna...

EUVD-2010-3986

Malware in sbrugna...

EUVD-2023-39180

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-2601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocating ...

CVE-2023-35177

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser...

[SECURITY] Fedora 41 Update: woff-0.20091126-47.fc41

Provides the sfnt2woff and woff2sfnt command-line tools for encoding and decoding Web Open Font Format WOFF files...

[SECURITY] Fedora 42 Update: woff-0.20091126-47.fc42

Provides the sfnt2woff and woff2sfnt command-line tools for encoding and decoding Web Open Font Format WOFF files...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ghostscript vulnerabilities (USN-6835-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6835-1 advisory. It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format...

Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2023-1905 Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability February 15, 2024 CVE Number CVE-2024-20735 SUMMARY An out-of-bounds read vulnerability exists in the font file processing functionality of Adobe Acrobat Reader 2023.006.2038...

CVE-2023-35177

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser...

Stack overflow

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser...

CVE-2023-35177

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser...

SUSE CVE-2010-1797

Multiple stack-based buffer overflows in the cffdecoderparsecharstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute...

grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass

A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention...

Fedora: Security Advisory for woff (FEDORA-2022-c30d362ce5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: woff-0.20091126-35.fc37

Provides the sfnt2woff and woff2sfnt command-line tools for encoding and decoding Web Open Font Format WOFF files...