
26 matches found

SUSE CVE
added 2026/01/07 12:25 a.m. | 1 views

SUSE CVE-2025-15273

FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 8.8 | AI score 8.8 | EPSS 0.0058
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/29 12:0 a.m. | 5 views

PT-2025-53820

Name of the Vulnerable Software and Affected Versions: FontForge (affected versions not specified). Description: A flaw exists in FontForge related to parsing PFB files, potentially allowing a remote attacker to execute arbitrary code. Exploitation requires user interaction, such as visiting a malicio...

CVSS 8.8 | AI score 8.9 | EPSS 0.0058
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 5:16 p.m. | 4 views

CVE-2020-0938

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could...

CVSS 8.8 | AI score 7.5 | EPSS 0.69166
Exploits: 1 | References: 1

SUSE CVE
added 2023/02/15 5:48 a.m. | 2 views

SUSE CVE-2012-1140

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object...

CVSS 9.3 | AI score 7.8 | EPSS 0.03813
Exploits: 0 | References: 5

BDU FSTEC
added 2020/05/21 12:0 a.m. | 3 views

The vulnerability of the Windows Adobe Type Manager Library on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Windows Adobe Type Manager Library on Windows operating systems is related to the improper handling of a specially created Adobe Type 1 PostScript font. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8 | AI score 7.4 | EPSS 0.65037
Exploits: 1 | References: 2

Gentoo Linux
added 2020/04/30 12:0 a.m. | 45 views

FontForge: Multiple vulnerabilities

Background: FontForge is a PostScript font editor and converter. Description: Multiple vulnerabilities have been discovered in FontForge. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to open a specially crafted font using FontForge,...

CVSS 9.8 | AI score 3.8 | EPSS 0.02653
Exploits: 3

OSV
added 2020/04/15 3:15 p.m. | 1 views

CVE-2020-1020

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could...

CVSS 8.8 | AI score 7.6 | EPSS 0.65037
Exploits: 1 | References: 2

Fedora
added 2019/11/04 1:30 a.m. | 11 views

[SECURITY] Fedora 30 Update: t1utils-1.41-1.fc30

t1utils is a collection of programs for manipulating PostScript type 1 and type 2 fonts containing programs to convert between PFA ASCII format, PFB binary format, a human-readable and editable ASCII format, and Macintosh resource forks...

AI score 1.2
Exploits: 0

CNVD
added 2017/07/24 12:0 a.m. | 1 views

FontForge buffer overflow vulnerability (CNVD-2017-18538)

FontForge is an open source font editing tool that supports multiple languages. A buffer overflow vulnerability exists in ValidatePostScriptFontName in FontForge version 20161012. An attacker can exploit this vulnerability with a specially crafted otf file to cause a denial of service or execute...

CVSS 7.8 | AI score 7.7 | EPSS 0.01208
Exploits: 0 | References: 1

GoogleProjectZero
added 2015/07/31 12:0 a.m. | 97 views

One font vulnerability to rule them all #1: Introducing the BLEND vulnerability

Posted by Mateusz Jurczyk of Google Project Zero
Last month, I presented parts of my PostScript font security research at the REcon security conference in Montreal, in a talk titled “One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced...

CVSS 10 | AI score 8.6 | EPSS 0.22911
Exploits: 2

NVD
added 2012/04/25 10:10 a.m. | 18 views

CVE-2012-1140

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object...

CVSS 9.3 | AI score 7.6 | EPSS 0.03813
Exploits: 0 | References: 18

OSV
added 2012/04/25 10:10 a.m. | 8 views

CVE-2012-1140

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object...

AI score 7.7
Exploits: 0 | References: 18

Prion
added 2012/04/25 10:10 a.m. | 16 views

Memory corruption

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object...

CVSS 9.3 | AI score 8.3 | EPSS 0.03813
Exploits: 0 | References: 18 | Affected Software: 2

Cvelist
added 2012/04/25 10:0 a.m. | 22 views

CVE-2012-1140

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object...

AI score 7.6 | EPSS 0.03813
Exploits: 0 | References: 18

Debian CVE
added 2012/04/25 10:0 a.m. | 28 views

CVE-2012-1140

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object...

CVSS 9.3 | AI score 7.7 | EPSS 0.03813
Exploits: 0

RedHat Linux
added 2012/04/10 7:54 p.m. | 4 views

freetype: multiple buffer over-read in PS parser conversion functions (#35657)

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object...

CVSS 9.3 | AI score 6.2 | EPSS 0.03813
Exploits: 0 | References: 4

Ubuntu
added 2012/03/23 3:48 a.m. | 79 views

USN-1403-1: FreeType vulnerabilities

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126) Mateusz Jurczyk discovered that FreeType did not correctly handle...

CVSS 10 | AI score 5.8 | EPSS 0.05637
Exploits: 0

UbuntuCve
added 2012/03/07 12:0 a.m. | 25 views

CVE-2012-1140

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object...

CVSS 9.3 | AI score 6 | EPSS 0.03813
Exploits: 0 | References: 2

Ubuntu
added 2011/11/18 3:36 a.m. | 59 views

USN-1267-1: FreeType vulnerabilities

It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2011-3256) It was discovered...

CVSS 9.3 | AI score 5.8 | EPSS 0.05275
Exploits: 1

Tenable Nessus
added 2011/11/18 12:0 a.m. | 30 views

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : freetype vulnerabilities (USN-1267-1)

It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2011-3256) It was discovered...

CVSS 9.3 | AI score 6.1 | EPSS 0.05275
Exploits: 1 | References: 3