265 matches found
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in USP10!AssignGly
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1023 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!AssignGlyphTypes function, while trying to display text using a corrupted font file: ---...
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in USP10!otlCacheManager::GlyphsSubstituted (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in USP10!otlCacheManager::GlyphsSubstituted MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1025 We have encountered a crash in the Windows Uniscribe user-mode library, in the memset function called by...
Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1031 Through fuzzing, we have discovered a number of different crashes in the Windows Uniscribe user-mode library, while trying to display text using a corrupted font file or calling documented Uniscribe API functions against such...
Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1022 We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by USP10!otlList::insertAt, while trying to display text using a corrupted font file: --- 4b44.24a8: Access violation - cod...
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1029 We have encountered a number of crashes in the Windows Uniscribe user-mode library, while trying to display text using a corrupted font file. While crashes in this specific family take various shapes and forms, they all occur ...
Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011)
Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1019 We have encountered a crash in the Windows Uniscribe user-mode library, in the usp10!otlChainRuleSetTable::rule...
Microsoft Windows - USP10!otlList::insertAt Uniscribe Font Processing Heap Buffer Overflow (MS17-011)
Microsoft Windows - USP10!otlList::insertAt Uniscribe Font Processing Heap Buffer Overflow MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1022 We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by...
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in USP10!UpdateGlyphFlags (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in USP10!UpdateGlyphFlags MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1028 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!UpdateGlyphFlags function, while...
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in USP10!UpdateGlyphFla
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1028 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!UpdateGlyphFlags function, while trying to display text using a corrupted font file: ---...
The vulnerability of the Windows operating system, allowing a perpetrator to execute arbitrary code
The vulnerability that allows for remote execution of code is related to improper processing of TrueType fonts by the kernel-level driver in Windows. If this vulnerability is exploited successfully, a malicious individual can execute arbitrary code at the kernel level. As a result, they can insta...
The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to execute arbitrary code.
Mozilla SeaMonkey’s email client contains a vulnerability related to errors in the implementation of the _cairo_truetype_index_to_ucs4 function in the Cairo library. Exploiting this vulnerability allows malicious actors to execute arbitrary code remotely, using a specially crafted extension that...
CVE-2014-9746
The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a...
Microsoft Windows - Kernel ATMFD.dll OTF Font Processing Pool-Based Buffer Overflow (MS16-026)
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=683 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file: --- DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6) N...
Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026)
Source: https://code.google.com/p/google-security-research/issues/detail?id=682 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file: --- DRIVER_OVERRAN_STACK_BUFFER (f7) A driver has overrun a stack-based buffer. This overrun could...
Microsoft Windows Kernel - 'win32k.sys' Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115)
Source: https://code.google.com/p/google-security-research/issues/detail?id=506 We have encountered a number of Windows kernel crashes in the win32k.sys driver while processing a specific corrupted TTF font file. The cleanest stack trace we have acquired, which might also indicate where the pool...
Windows win32k.sys TTF Font Processing IUP[] Program Instruction Pool-Based Buffer Overflow
Source: https://code.google.com/p/google-security-research/issues/detail?id=368&can=1 We have encountered a number of Windows kernel crashes in the win32k!itrpIUP function, a handler of the IUP TTF program instruction, while processing corrupted TTF font files, such as: --- PAGE_FAULT_IN_NONPAGED_AREA ...
Windows win32k.sys TTF Font Processing IUP[] Program Instruction Pool-Based Buffer Overflow Exploit
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=368&can=1 We have encountered a number of Windows kernel crashes in the win32k!itrpIUP function, a handler of the IUP TTF program instruction, while processing corrupted TT...
Microsoft Windows - win32k.sys TTF Font Processing IUP[] Program Instruction Pool-Based Buffer Overflow
Microsoft Windows - win32k.sys TTF Font Processing IUP Program Instruction Pool-Based Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=368&can=1 We have encountered a number of Windows kernel crashes in the win32k!itrpIUP function, a handler of the IUP TT...
Microsoft Windows - 'win32k.sys' TTF Font Processing win32k!fsc_BLTHoriz Out-of-Bounds Pool Write
Source: https://code.google.com/p/google-security-research/issues/detail?id=402&can=1 We have encountered a Windows kernel crash in the win32k!fsc_BLTHoriz function while processing corrupted TTF font files, such as: --- DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6) N bytes of memory was allocated and...
Microsoft Windows - 'win32k.sys' TTF Font Processing IUP[] Program Instruction Pool-Based Buffer Overflow
Source: https://code.google.com/p/google-security-research/issues/detail?id=368&can=1 We have encountered a number of Windows kernel crashes in the win32k!itrpIUP function, a handler of the IUP TTF program instruction, while processing corrupted TTF font files, such as: --- PAGE_FAULT_IN_NONPAGED_AREA ...