5 matches found

EUVD
added 2025/10/03 8:07 p.m., 0 views

EUVD-2023-36535

Malicious code in bioql PyPI...

CVSS: 7.8, AI score: 7.6, EPSS: 0.00062
Exploits: 0, References: 1
Vulnrichment
added 2023/06/06 3:15 p.m., 5 views

CVE-2023-32281

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS: 7.8, AI score: 7.4, EPSS: 0.00062
Exploits: 0, References: 1
CVE
added 2023/06/06 3:15 p.m., 40 views

CVE-2023-32281

CVE-2023-32281 corresponds to a vulnerability in Horner Automation software where parsing CSP project files can trigger an out-of-bounds read in the FontManager, potentially allowing arbitrary code execution in the affected process. The issue is tied to improper validation of user-supplied data d...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00062
Exploits: 0, References: 1, Affected Software: 2
OSV
added 2015/12/17 8:19 p.m., 9 views

MGASA-2015-0478 Updated python-pygments packages fix security vulnerability

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...

CVSS: 9.3, AI score: 9.1, EPSS: 0.07449
Exploits: 0, References: 4
FreeBSD
added 2015/09/28 12:00 a.m., 27 views

pygments -- shell injection vulnerability

NVD reports: The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

CVSS: 9.3, AI score: 9, EPSS: 0.07449
Exploits: 0, References: 2