freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

CVE-2024-54486

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted font may result in the disclosure of process memory...

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 18.1 and Apple iPadOS version 18.1, which stems from the handlin...

grub2 安全漏洞

grub2 is a Linux system boot program from the American GNU community. A security vulnerability exists in grub2, which stems from the fact that an attacker can use maliciously crafted pf2 fonts to achieve out-of-bounds writes leading to memory corruption and safe boot circumvention...

Apple tvOS 缓冲区错误漏洞

Apple tvOS is a set of smart TV operating systems from Apple Inc. in the United States. Apple tvOS suffers from a security vulnerability that stems from an out-of-bounds read issue resolved through improved input validation. This issue has been fixed in tvOS 15, watchOS 8, iOS 15, and iPadOS 15...

Apple iOS和Apple iPadOS 缓冲区错误漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS 14.0 and iPadOS prior to 14.0, which stems from the handling of maliciously...

Vulnerability of t1_check_unusual_charstring in the TeX Live typesetting system, allowing a hacker to execute arbitrary code

The vulnerability of the t1checkunusualcharstring function in the TeX Live typesetting system is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code by loading malicious fonts...

CVE-2018-17407

An issue was discovered in t1checkunusualcharstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex...

Microsoft Windows GDI Remote Code Execution Vulnerability

Microsoft Windows is a popular operating system. A security vulnerability exists in Microsoft Windows where the GDI component fails to properly handle embedded fonts, allowing remote attackers to exploit the vulnerability to build malicious fonts that can be parsed by the user and can be executed...

Apple OS X CoreGraphics Font File Handling Code Execution Vulnerability

Apple OS X is an operating system developed by Apple Inc. Apple OS X CoreGraphics handles font files with a security vulnerability that allows attackers to exploit the vulnerability to build malicious fonts that can be tricked into parsing by applications, which can crash the application or execu...