17 matches found
CVE-1999-0413
A buffer overflow in the SGI X server allows local users to gain root access through the X server font path...
EUVD-2014-0259
Malware in sbrugna...
EUVD-1999-0413
Malware in sbrugna...
USN-7228-1 libreoffice vulnerabilities
Thomas Rinsma discovered that LibreOffice incorrectly handled paths when processing embedded font files. If a user or automated system were tricked into opening a specially crafted LibreOffice file, a remote attacker could possibly use this issue to create arbitrary files ending with ".ttf"...
GHSA-97M3-52WR-XVV2 Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Summary A lack of sanitization/check in the font path returned by php-svg-lib, in the case of a inline CSS font defined, that will be used by Cpdf to open a font will be passed to a fileexists call, which is sufficient to trigger metadata unserializing on a PHAR file, through the phar:// URL...
SUSE CVE-2014-0209
Multiple integer overflows in the 1 FontFileAddEntry and 2 lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffe...
libX11: Off-by-one error in XListExtensions in ListExt.c
An off-by-one error has been discovered in libX11 in functions XGetFontPath, XListExtensions, and XListFonts. An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effects, caused by the...
Pygments Arbitrary Command Execution Vulnerability
Pygments is a set of syntax highlighting tools that can be used in forums, wikis and other web applications with command line tools and development packages. A security vulnerability in the 'FontManager.getnixfontpath' function in Pygments' formatters/img.py file allows remote attackers to execut...
PYSEC-2016-32
The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
UBUNTU-CVE-2015-8557
The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
libXfont: integer overflow of allocations in font metadata file parsing
A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server...
libXfont: integer overflow of allocations in font metadata file parsing
A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server...
CVE-2014-0209
Multiple integer overflows in the 1 FontFileAddEntry and 2 lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffe...
DEBIAN-CVE-2014-0209
Multiple integer overflows in the 1 FontFileAddEntry and 2 lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffe...
CVE-2014-0209
Multiple integer overflows in the 1 FontFileAddEntry and 2 lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffe...
CVE-1999-0413
A buffer overflow in the SGI X server allows local users to gain root access through the X server font path...
CVE-1999-0413
A buffer overflow in the SGI X server allows local users to gain root access through the X server font path...