Lucene search
K

33 matches found

OSV
OSV
added 2022/06/20 8:22 p.m.8 views

MAL-2022-3248 Malicious code in fusion-plugin-font-loading (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be24efc5a9c2d3f7b12c25c1c3236c9b0d9c2edeb06ffcfb4d1de013d764d1aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Microsoft KB
Microsoft KB
added 2020/04/10 12:0 a.m.6 views

Slow performance in applications that use the DirectWrite API on a computer that is running Windows 7 or Windows Server 2008 R2

Slow performance in applications that use the DirectWrite API on a computer that is running Windows 7 or Windows Server 2008 R2 Symptoms On a computer that is running Windows 7 or Windows Server 2008 R2, you may experience slow performance in applications that use the DirectWrite API for example,...

6AI score
Exploits0
NVD
NVD
added 2020/03/14 1:15 a.m.19 views

CVE-2020-10566

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow...

7.8CVSS7.7AI score0.00341EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/03/14 12:52 a.m.24 views

CVE-2020-10566

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow...

7.7AI score0.00341EPSS
Exploits0References1
CVE
CVE
added 2020/03/14 12:52 a.m.161 views

CVE-2020-10566

CVE-2020-10566 affects grub2-bhyve used in FreeBSD bhyve prior to revision 525916 (2020-02-12). Affected component is grub2-bhyve’s handling of font loading via a guest grub2.cfg, which leads to a buffer overflow. Multiple sources (NVD, Red Hat advisory, CNVD, CNVD mirrors) corroborate the vulner...

7.8CVSS7.6AI score0.00341EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2017/11/13 3:20 a.m.23 views

Denial Of Service (DoS)

MuPDF is vulnerable to denial of service DoS attacks and possibly other attacks. This vulnerability is possible because the xpsloadlinksinglyphs function doesn't verify if a font can be loaded before trying to load it. This can be triggered using a .xps file...

7.8CVSS7.2AI score0.01324EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2017/09/22 6:0 a.m.29 views

CVE-2017-14685

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xpsloadlinksinglyphs in...

7.1AI score0.01324EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2017/09/22 6:0 a.m.25 views

CVE-2017-14685

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xpsloadlinksinglyphs in...

7.8CVSS8AI score0.01324EPSS
Exploits1
Exploit DB
Exploit DB
added 2016/06/21 12:0 a.m.34 views

Microsoft Windows - Custom Font Disable Policy Bypass

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=779 Windows: Custom Font Disable Policy Bypass Platform: Windows 10 Only Class: Security Feature Bypass Summary: It’s possible to bypass the ProcessFontDisablePolicy check in win32k to load a custom font from an arbitrary file on...

7.4AI score
Exploits0
CNVD
CNVD
added 2015/12/18 12:0 a.m.2 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2015-08313)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. The 'DirectWriteFontInfo::LoadFontFamilyData' function in the gfx/thebes/gfxDWriteFontList.cpp file in Mozilla Firefox versions prior to 43.0 has a Buffer overflow vulnerability. A remote...

10CVSS8.8AI score0.04318EPSS
Exploits0References1
OSV
OSV
added 2015/10/15 12:0 a.m.5 views

UBUNTU-CVE-2015-6762

The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets CSS implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows...

7.5CVSS7.3AI score0.01697EPSS
Exploits0References7
OSV
OSV
added 2015/02/08 11:59 a.m.1 views

DEBIAN-CVE-2014-9657

The ttfaceloadhdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted TrueType font...

7.5CVSS7.9AI score0.05059EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2009/04/06 4:34 p.m.4 views

php: buffer overflow in the imageloadfont function in gd extension

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted font file...

7.5CVSS7.5AI score0.06847EPSS
Exploits1References4
Rows per page
Query Builder