33 matches found
MAL-2022-3248 Malicious code in fusion-plugin-font-loading (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be24efc5a9c2d3f7b12c25c1c3236c9b0d9c2edeb06ffcfb4d1de013d764d1aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Slow performance in applications that use the DirectWrite API on a computer that is running Windows 7 or Windows Server 2008 R2
Slow performance in applications that use the DirectWrite API on a computer that is running Windows 7 or Windows Server 2008 R2 Symptoms On a computer that is running Windows 7 or Windows Server 2008 R2, you may experience slow performance in applications that use the DirectWrite API for example,...
CVE-2020-10566
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow...
CVE-2020-10566
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow...
CVE-2020-10566
CVE-2020-10566 affects grub2-bhyve used in FreeBSD bhyve prior to revision 525916 (2020-02-12). Affected component is grub2-bhyve’s handling of font loading via a guest grub2.cfg, which leads to a buffer overflow. Multiple sources (NVD, Red Hat advisory, CNVD, CNVD mirrors) corroborate the vulner...
Denial Of Service (DoS)
MuPDF is vulnerable to denial of service DoS attacks and possibly other attacks. This vulnerability is possible because the xpsloadlinksinglyphs function doesn't verify if a font can be loaded before trying to load it. This can be triggered using a .xps file...
CVE-2017-14685
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xpsloadlinksinglyphs in...
CVE-2017-14685
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xpsloadlinksinglyphs in...
Microsoft Windows - Custom Font Disable Policy Bypass
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=779 Windows: Custom Font Disable Policy Bypass Platform: Windows 10 Only Class: Security Feature Bypass Summary: It’s possible to bypass the ProcessFontDisablePolicy check in win32k to load a custom font from an arbitrary file on...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2015-08313)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. The 'DirectWriteFontInfo::LoadFontFamilyData' function in the gfx/thebes/gfxDWriteFontList.cpp file in Mozilla Firefox versions prior to 43.0 has a Buffer overflow vulnerability. A remote...
UBUNTU-CVE-2015-6762
The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets CSS implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows...
DEBIAN-CVE-2014-9657
The ttfaceloadhdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted TrueType font...
php: buffer overflow in the imageloadfont function in gd extension
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted font file...