2 matches found
Avast! - Integer Overflow Verifying numFonts in TTC Header
Source: https://code.google.com/p/google-security-research/issues/detail?id=549 If the numFonts field in the TTC header is greater than SIZEMAX+1 / 4, an integer overflow occurs in filevirusttf when calling CSafeGenFile::SafeLockBuffer. The TTC file format is described here...
Avast! - Integer Overflow Verifying numFonts in TTC Header
Avast! - Integer Overflow Verifying numFonts in TTC Header Source: https://code.google.com/p/google-security-research/issues/detail?id=549 If the numFonts field in the TTC header is greater than SIZEMAX+1 / 4, an integer overflow occurs in filevirusttf when calling CSafeGenFile::SafeLockBuffer. T...