freetype: Information disclosure or denial of service via specially crafted font files
A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...
Fedora 43 : chromium (2026-b17799ac62)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b17799ac62 advisory. Update to 148.0.7778.178 CVE-2026-9111: Use after free in WebRTC CVE-2026-9110: Inappropriate implementation in UI CVE-2026-9112: Use after free in...
Alibaba Cloud Linux 3 : 0122: java-17-openjdk (ALINUX3-SA-2026:0122)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0122 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-22007: No description is availabl...
Astra Linux - vulnerability in freetype
An out-of-bounds write exists in FreeType versions 2.13.0 and below (earlier versions of FreeType are not vulnerable). This issue occurs when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned...
Astra Linux - vulnerability in libreoffice
An improper limitation of a pathname to a restricted directory (“Path Traversal”) vulnerability exists in The Document Foundation LibreOffice. This vulnerability allows for absolute path traversal. An attacker can write to arbitrary locations, even those prefixed with “.ttf”, by providing a file in...
Astra Linux - vulnerability in chromium
Use after free in Fonts in Google Chrome before version 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
CVE-2026-8610
The CVE describes an authorization bypass in the TypeSquare Webfonts for ConoHa WordPress plugin up to version 2.0.4. Authenticated users with subscriber-level access (or higher) can modify site-wide font settings by submitting a POST to any wp-admin page, bypassing proper authorization checks. F...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021623)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021623 advisory. In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavior in bit shift for getdefaultfont Shifting signed 32-bit value by...
ROS-20260520-73-0037
A vulnerability in the Fonts component of the Google Chrome browser is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
SUSE CVE-2026-8558
Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-8577
Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
Chromium: CVE-2026-8577 Integer overflow in Fonts
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-8558 Out of bounds write in Fonts
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-42308
A flaw was found in Pillow, a Python imaging library. If a font advances for each glyph by an exceedingly large amount, an integer overflow can occur when Pillow tracks the current position. This could lead to a denial of service (DoS) condition, making the application unavailable. Mitigation To...
CVE-2026-8577
An integer overflow flaw was found in the Fonts component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496302307...
CVE-2026-8558
An out of bounds write flaw was found in the Fonts component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503425922...
CVE-2026-8558
Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-8577
Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...