EUVD-2022-6555

Malicious code in bioql PyPI...

CVE-2022-29777

Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h...

Remote Code Execution

font-converter is vulnerable to remote code execution. The vulnerability exists due to the missing sanitizations of user input passed to the exec function, which allows remote attackers to inject and execute malicious code...

@fb24m/etc (>=1.0.0 <=1.2.0-1), pdf-exports (=1.0.0) +1 more potentially affected by CVE-2022-21165 via font-converter (=1.1.1)

font-converter NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on font-converter and may be impacted: - @fb24m/etc =1.0.0, =1.2.0-1 - pdf-exports =1.0.0 - pdf-img-exports =1.0.0 Source cves: CVE-2022-21165 Source advisory:...

GHSA-G2C3-VWFF-M3XR Font-Converter Vulnerable to Arbitrary Command Injection

Overview font-converter is a FontForge wrapper that allows conversion between different font formats TTF, WOFF, OTF All versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function. PoC js va...

CVE-2022-21165

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function...

Command injection

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function...

CVE-2022-21165 Arbitrary Command Injection

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function...

CVE-2022-21165

The CVE-2022-21165 entry concerns the font-converter package (FontForge wrapper) where all versions are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into child_process.exec(). The core issue is input sanitization failure, enabling injection...

CVE-2022-21165

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function...

node-js-font-converter 安全漏洞

node-js-font-converter is a FontForge wrapper for zgec individual developers. It allows conversion between different font formats TTF, WOFF, OTF. A security vulnerability exists in all versions of the node-js-font-converter package, which stems from a lack of sanitization of input that may be...

PT-2022-14895 · Unknown · Font-Converter

Name of the Vulnerable Software and Affected Versions: font-converter versions all Description: The issue is related to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child process.exec function. This affects a FontForge wrapper used for conversio...

DEBIAN-CVE-2022-35463

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0478...

PT-2022-22828 · Otfcc +1 · Otfcc +1

Name of the Vulnerable Software and Affected Versions: OTFCC version 0.10.4 Description: A heap-buffer overflow issue was discovered in OTFCC. The issue occurs via the /release-x64/otfccdump+0x6c08a6 endpoint. Recommendations: For OTFCC version 0.10.4, at the moment, there is no information about...

Arbitrary Command Injection

Overview font-converter is a FontForge wrapper that allows conversion between different font formats TTF, WOFF, OTF Affected versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function. PoC ...

@fb24m/etc (>=1.0.0 <=1.2.0-1), pdf-exports (=1.0.0) +1 more potentially affected by CVE-2022-21165 via font-converter (=1.1.1)

font-converter NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on font-converter and may be impacted: - @fb24m/etc =1.0.0, =1.2.0-1 - pdf-exports =1.0.0 - pdf-img-exports =1.0.0 Source cves: CVE-2022-21165 Source advisory:...

CVE-2022-29777

Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h...

Ascensio System ONLYOFFICE Document Server 缓冲区错误漏洞

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among other things. A security vulnerability exists in Onlyoffice Document Server version v6.0.0 and...