Lucene search
K

209 matches found

0day.today
0day.today
added 2019/04/17 12:0 a.m.165 views

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in scFindExtrema4 A heap corruption was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType, implemented in a proprietary t2k library...

8.1CVSS0.4AI score0.11466EPSS
Exploits1
exploitpack
exploitpack
added 2019/04/17 12:0 a.m.29 views

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID A heap corruption was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself ...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/17 12:0 a.m.50 views

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID

A heap corruption was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following or similar crash: --- cut --- $ bin/java -cp . DisplaySfntFont test.ttf Iteratio...

7.4AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/03/12 12:0 a.m.6 views

July 24, 2018—KB4338822 (OS Build 14393.2395)

July 24, 2018—KB4338822 OS Build 14393.2395 Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats.To continue receivin...

7AI score
Exploits0
exploitpack
exploitpack
added 2019/02/18 12:0 a.m.42 views

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/18 12:0 a.m.48 views

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following or similar crash: --- cut --- Iteration 0,0 Iteration 0,1 A fatal...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/18 12:0 a.m.51 views

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of OpenType fonts. It manifests itself in the form of the following crash with AFL's libdislocator: --- cut --- gdb$ c Continuing...

7.4AI score
Exploits0
Microsoft KB
Microsoft KB
added 2018/09/27 12:0 a.m.3 views

May 25, 2017—KB4020102 (OS Build 15063.332)

May 25, 2017—KB4020102 OS Build 15063.332 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where NTLM fails to generate a challenge response when CredGuard is enabled, NTLMv...

6.9AI score
Exploits0
UbuntuCve
UbuntuCve
added 2018/06/11 9:29 p.m.25 views

CVE-2018-5121

Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating syste...

5.3CVSS6.8AI score0.01471EPSS
Exploits0References2
Prion
Prion
added 2018/06/11 9:29 p.m.17 views

Code injection

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affect...

5CVSS6AI score0.01629EPSS
Exploits0References9Affected Software4
Prion
Prion
added 2018/06/11 9:29 p.m.18 views

Code injection

Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating syste...

5CVSS5.5AI score0.01471EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.39 views

CVE-2018-5121

Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating syste...

5.3CVSS7.5AI score0.01471EPSS
Exploits0
Fedora
Fedora
added 2018/03/13 5:19 p.m.34 views

[SECURITY] Fedora 26 Update: freetype-2.7.1-10.fc26

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...

6.5CVSS1.5AI score0.02124EPSS
Exploits0
Fedora
Fedora
added 2018/02/20 5:21 p.m.33 views

[SECURITY] Fedora 27 Update: freetype-2.8-8.fc27

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...

6.5CVSS1.5AI score0.02124EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/02/04 12:0 a.m.24 views

Debian: Security Advisory (DLA-1013-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.4AI score0.05216EPSS
Exploits6References3
Ubuntu
Ubuntu
added 2017/08/21 1:7 p.m.99 views

USN-3398-1: graphite2 vulnerabilities

Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or...

9.8CVSS7.7AI score0.05216EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2017/07/06 12:0 a.m.37 views

Debian DLA-1013-1 : graphite2 security update

Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. For Debian 7 'Wheezy', these problems have been fixed in version 1.3.10-1deb7u1. We recommend that you...

9.8CVSS7.8AI score0.05216EPSS
Exploits6References9
Debian
Debian
added 2017/07/05 12:16 p.m.48 views

[SECURITY] [DLA 1013-1] graphite2 security update

Package : graphite2 Version : 1.3.10-1deb7u1 CVE ID : CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the...

9.8CVSS9.9AI score0.05216EPSS
Exploits6
Debian
Debian
added 2017/06/22 5:43 p.m.51 views

[SECURITY] [DSA 3894-1] graphite2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3894-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 22, 2017 https://www.debian.org/security/faq -...

9.8CVSS10AI score0.05216EPSS
Exploits6
Fedora
Fedora
added 2017/05/07 12:3 a.m.46 views

[SECURITY] Fedora 25 Update: freetype-2.6.5-7.fc25

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...

9.8CVSS1.5AI score0.04188EPSS
Exploits0
Rows per page
Query Builder