Microsoft Windows - 'win32k.sys' TTF Font Processing win32k!fsc_RemoveDups Out-of-Bounds Pool Memory Access

Source: https://code.google.com/p/google-security-research/issues/detail?id=401&can=1 We have encountered a Windows kernel crash in the win32k!fscRemoveDups function while processing corrupted TTF font files, such as: --- PAGEFAULTINNONPAGEDAREA 50 Invalid system memory was referenced. This canno...

Debian DLA-219-1 : icu security update

Several vulnerabilities were discovered in the International Components for Unicode ICU library : CVE-2013-1569 Glyph table issue. CVE-2013-2383 Glyph table issue. CVE-2013-2384 Font layout issue. CVE-2013-2419 Font processing issue. CVE-2014-6585 Out-of-bounds read. CVE-2014-6591 Additional...

Mandriva Linux Security Advisory : icu (MDVSA-2015:161-1)

Updated icu packages fix security vulnerabilities : The Regular Expressions package in International Components for Unicode ICU 52 before SVN revision 292944 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via vectors related to a...

DLA-183-1 libxfont - security update

Bulletin has no description...

Debian Security Advisory DSA 3187-1 (icu - security update)

Several vulnerabilities were discovered in the International Components for Unicode ICU library. CVE-2013-1569 Glyph table issue. CVE-2013-2383 Glyph table issue. CVE-2013-2384 Font layout issue. CVE-2013-2419 Font processing issue. CVE-2014-6585 Out-of-bounds read. CVE-2014-6591 Additional...

DSA-3187-1 icu - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3187-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2522-1 icu vulnerabilities

It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubun...

Important: Red Hat Security Advisory: libXfont security update

Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0964-1)

update to icedtea-2.3.9 bnc816720 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework RMI model -...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)

java-160-openjdk was updated to 1.12.5 bnc817157 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework...

OpenJDK: Resource denial of service (AWT, 8001038)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the...

ICU: Layout Engine font processing errors (JDK 2D, 8001031)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous...

ICU: Layout Engine font processing errors (JDK 2D, 8001031)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous...

OpenJDK: Resource denial of service (AWT, 8001038)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the...

PT-2013-4724 · Microsoft · Windows Xp +8

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 version SP1 Microsoft Windows 8 Microsof...

Kingsoft Writer 2012 WPS字体名称缓冲区溢出漏洞

BUGTRAQ ID: 61796 CVECAN ID: CVE-2013-3934 Kingsoft Writer是免费的字处理软件。 Kingsoft Writer 2012在处理字体名称时存在边界错误，攻击者利用带有超长字体名称的特制WPS文件可造成栈缓冲区溢出。 0 Kingsoft Corp Writer 2012 Kingsoft Corp Office 2012 厂商补丁： Kingsoft Corp ------------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

Adobe Digital Editions嵌入式字体处理内存破坏漏洞(CVE-2013-1377)

BUGTRAQ ID: 61528 CVECAN ID: CVE-2013-1377 Adobe Digital Editions是阅读和管理电子书及其他数字出版物的软件，支持工业标准电子书格式，例如PDF/A、EPUB。 Adobe Digital Editions 2.0.67532的rmsdkwrapper.dll模块会在处理嵌入字体流的CVT程序表时出错，攻击者通过PDF文件内的特制字体流，利用此漏洞可破坏内存。 0 Adobe Digital Editions 2.0.67532 厂商补丁： Adobe -----...

OpenJDK: Resource denial of service (AWT, 8001038)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the...

OpenJDK: Resource denial of service (AWT, 8001038)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the...